Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-49146 (GCVE-0-2025-49146)
Vulnerability from cvelistv5
Published
2025-06-11 14:32
Modified
2025-06-11 14:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-287 - Improper Authentication
Summary
pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding (such as password, MD5, GSS, or SSPI authentication). This could allow a man-in-the-middle attacker to intercept connections that users believed were protected by channel binding requirements. This vulnerability is fixed in 42.7.7.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49146",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-11T14:46:03.689878Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T14:46:17.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pgjdbc",
"vendor": "pgjdbc",
"versions": [
{
"status": "affected",
"version": "\u003e= 42.7.4, \u003c 42.7.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding (such as password, MD5, GSS, or SSPI authentication). This could allow a man-in-the-middle attacker to intercept connections that users believed were protected by channel binding requirements. This vulnerability is fixed in 42.7.7."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T14:32:39.348Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-hq9p-pm7w-8p54",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-hq9p-pm7w-8p54"
},
{
"name": "https://github.com/pgjdbc/pgjdbc/commit/9217ed16cb2918ab1b6b9258ae97e6ede244d8a0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pgjdbc/pgjdbc/commit/9217ed16cb2918ab1b6b9258ae97e6ede244d8a0"
}
],
"source": {
"advisory": "GHSA-hq9p-pm7w-8p54",
"discovery": "UNKNOWN"
},
"title": "pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-49146",
"datePublished": "2025-06-11T14:32:39.348Z",
"dateReserved": "2025-06-02T10:39:41.635Z",
"dateUpdated": "2025-06-11T14:46:17.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-49146\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-06-11T15:15:42.850\",\"lastModified\":\"2025-06-12T16:06:20.180\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding (such as password, MD5, GSS, or SSPI authentication). This could allow a man-in-the-middle attacker to intercept connections that users believed were protected by channel binding requirements. This vulnerability is fixed in 42.7.7.\"},{\"lang\":\"es\",\"value\":\"pgjdbc es un controlador JDBC de PostgreSQL de c\u00f3digo abierto. Desde la versi\u00f3n 42.7.4 hasta la 42.7.7, cuando el controlador JDBC de PostgreSQL se configura con el enlace de canal establecido como obligatorio (el valor predeterminado es prefer), el controlador permit\u00eda incorrectamente que las conexiones procedieran con m\u00e9todos de autenticaci\u00f3n que no admiten el enlace de canal (como la autenticaci\u00f3n por contrase\u00f1a, MD5, GSS o SSPI). Esto podr\u00eda permitir que un atacante intermediario interceptara conexiones que los usuarios cre\u00edan protegidas por los requisitos de enlace de canal. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 42.7.7.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":4.2}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"references\":[{\"url\":\"https://github.com/pgjdbc/pgjdbc/commit/9217ed16cb2918ab1b6b9258ae97e6ede244d8a0\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-hq9p-pm7w-8p54\",\"source\":\"security-advisories@github.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-49146\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-11T14:46:03.689878Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-11T14:46:07.867Z\"}}], \"cna\": {\"title\": \"pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration\", \"source\": {\"advisory\": \"GHSA-hq9p-pm7w-8p54\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"pgjdbc\", \"product\": \"pgjdbc\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 42.7.4, \u003c 42.7.7\"}]}], \"references\": [{\"url\": \"https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-hq9p-pm7w-8p54\", \"name\": \"https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-hq9p-pm7w-8p54\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/pgjdbc/pgjdbc/commit/9217ed16cb2918ab1b6b9258ae97e6ede244d8a0\", \"name\": \"https://github.com/pgjdbc/pgjdbc/commit/9217ed16cb2918ab1b6b9258ae97e6ede244d8a0\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding (such as password, MD5, GSS, or SSPI authentication). This could allow a man-in-the-middle attacker to intercept connections that users believed were protected by channel binding requirements. This vulnerability is fixed in 42.7.7.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-287\", \"description\": \"CWE-287: Improper Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-06-11T14:32:39.348Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-49146\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-11T14:46:17.286Z\", \"dateReserved\": \"2025-06-02T10:39:41.635Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-06-11T14:32:39.348Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
wid-sec-w-2025-1328
Vulnerability from csaf_certbund
Published
2025-06-15 22:00
Modified
2025-08-06 22:00
Summary
PostgreSQL JDBC Treiber: Schwachstelle ermöglicht Offenlegung von Informationen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
PostgreSQL ist eine frei verfügbare Datenbank für unterschiedliche Betriebssysteme.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle im PostgreSQL JDBC Treiber ausnutzen, um Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "PostgreSQL ist eine frei verf\u00fcgbare Datenbank f\u00fcr unterschiedliche Betriebssysteme.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle im PostgreSQL JDBC Treiber ausnutzen, um Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1328 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1328.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1328 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1328"
},
{
"category": "external",
"summary": "PostgreSQL JDBC 42.7.7 Security update for CVE-2025-49146 vom 2025-06-15",
"url": "https://www.postgresql.org/about/news/postgresql-jdbc-4277-security-update-for-cve-2025-49146-3088/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:9697 vom 2025-06-26",
"url": "https://access.redhat.com/errata/RHSA-2025:9697"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:10323 vom 2025-07-03",
"url": "https://access.redhat.com/errata/RHSA-2025:10323"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15264-1 vom 2025-07-05",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/G22QBO2YMQDFFWTF5U3HTUBLFY6KJACA/"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin - July 15 2025",
"url": "https://confluence.atlassian.com/security/security-bulletin-july-15-2025-1590658642.html"
},
{
"category": "external",
"summary": "Keycloak 26.3.2 Release Notes",
"url": "https://www.keycloak.org/2025/07/keycloak-2632-released"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:13274 vom 2025-08-06",
"url": "https://access.redhat.com/errata/RHSA-2025:13274"
}
],
"source_lang": "en-US",
"title": "PostgreSQL JDBC Treiber: Schwachstelle erm\u00f6glicht Offenlegung von Informationen",
"tracking": {
"current_release_date": "2025-08-06T22:00:00.000+00:00",
"generator": {
"date": "2025-08-07T08:29:30.231+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1328",
"initial_release_date": "2025-06-15T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-06-15T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-06-25T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-07-03T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-07-06T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-07-15T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-07-23T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-08-06T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "7"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c11.0.3",
"product": {
"name": "Atlassian Bamboo \u003c11.0.3",
"product_id": "T045447"
}
},
{
"category": "product_version",
"name": "11.0.3",
"product": {
"name": "Atlassian Bamboo 11.0.3",
"product_id": "T045447-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:11.0.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.2.6 (LTS)",
"product": {
"name": "Atlassian Bamboo \u003c10.2.6 (LTS)",
"product_id": "T045448"
}
},
{
"category": "product_version",
"name": "10.2.6 (LTS)",
"product": {
"name": "Atlassian Bamboo 10.2.6 (LTS)",
"product_id": "T045448-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:10.2.6_%28lts%29"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.6.15 (LTS)",
"product": {
"name": "Atlassian Bamboo \u003c9.6.15 (LTS)",
"product_id": "T045449"
}
},
{
"category": "product_version",
"name": "9.6.15 (LTS)",
"product": {
"name": "Atlassian Bamboo 9.6.15 (LTS)",
"product_id": "T045449-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.6.15_%28lts%29"
}
}
}
],
"category": "product_name",
"name": "Bamboo"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c26.3.2",
"product": {
"name": "Open Source Keycloak \u003c26.3.2",
"product_id": "T045651"
}
},
{
"category": "product_version",
"name": "26.3.2",
"product": {
"name": "Open Source Keycloak 26.3.2",
"product_id": "T045651-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:keycloak:keycloak:26.3.2"
}
}
}
],
"category": "product_name",
"name": "Keycloak"
},
{
"branches": [
{
"category": "product_version_range",
"name": "JDBC \u003c42.7.7",
"product": {
"name": "Open Source PostgreSQL JDBC \u003c42.7.7",
"product_id": "T044641"
}
},
{
"category": "product_version",
"name": "JDBC 42.7.7",
"product": {
"name": "Open Source PostgreSQL JDBC 42.7.7",
"product_id": "T044641-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:postgresql:postgresql:42.7.7::jdbc"
}
}
}
],
"category": "product_name",
"name": "PostgreSQL"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "Cryostat 4",
"product": {
"name": "Red Hat Enterprise Linux Cryostat 4",
"product_id": "T042558",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:cryostat_4"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-49146",
"product_status": {
"known_affected": [
"T045448",
"T045447",
"67646",
"T045449",
"T042558",
"T027843",
"T045651",
"T044641"
]
},
"release_date": "2025-06-15T22:00:00.000+00:00",
"title": "CVE-2025-49146"
}
]
}
wid-sec-w-2025-1572
Vulnerability from csaf_certbund
Published
2025-07-15 22:00
Modified
2025-07-15 22:00
Summary
Oracle Fusion Middleware: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1572 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1572.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1572 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1572"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - July 2025 - Appendix Oracle Fusion Middleware vom 2025-07-15",
"url": "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixFMW"
}
],
"source_lang": "en-US",
"title": "Oracle Fusion Middleware: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-07-15T22:00:00.000+00:00",
"generator": {
"date": "2025-07-16T08:31:59.092+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1572",
"initial_release_date": "2025-07-15T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-07-15T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "12.2.1.4.0",
"product": {
"name": "Oracle Fusion Middleware 12.2.1.4.0",
"product_id": "751674",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.4.0"
}
}
},
{
"category": "product_version",
"name": "14.1.1.0.0",
"product": {
"name": "Oracle Fusion Middleware 14.1.1.0.0",
"product_id": "829576",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:14.1.1.0.0"
}
}
},
{
"category": "product_version",
"name": "8.5.7",
"product": {
"name": "Oracle Fusion Middleware 8.5.7",
"product_id": "T034057",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:8.5.7"
}
}
},
{
"category": "product_version",
"name": "14.1.2.0.0",
"product": {
"name": "Oracle Fusion Middleware 14.1.2.0.0",
"product_id": "T040467",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:14.1.2.0.0"
}
}
}
],
"category": "product_name",
"name": "Fusion Middleware"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-45693",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2022-45693"
},
{
"cve": "CVE-2023-42917",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2023-42917"
},
{
"cve": "CVE-2024-12801",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2024-12801"
},
{
"cve": "CVE-2024-26308",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2024-26308"
},
{
"cve": "CVE-2024-38477",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2024-38477"
},
{
"cve": "CVE-2024-38819",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2024-38819"
},
{
"cve": "CVE-2024-38828",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2024-38828"
},
{
"cve": "CVE-2024-47072",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2024-47072"
},
{
"cve": "CVE-2024-47554",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-52046",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2024-52046"
},
{
"cve": "CVE-2024-57699",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2024-57699"
},
{
"cve": "CVE-2024-6763",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2024-6763"
},
{
"cve": "CVE-2024-8176",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2024-8176"
},
{
"cve": "CVE-2024-8184",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2024-8184"
},
{
"cve": "CVE-2024-9143",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2024-9143"
},
{
"cve": "CVE-2025-0725",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-0725"
},
{
"cve": "CVE-2025-24928",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-24928"
},
{
"cve": "CVE-2025-27553",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-27553"
},
{
"cve": "CVE-2025-27817",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-27817"
},
{
"cve": "CVE-2025-29482",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-29482"
},
{
"cve": "CVE-2025-30753",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-30753"
},
{
"cve": "CVE-2025-30762",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-30762"
},
{
"cve": "CVE-2025-31651",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-31651"
},
{
"cve": "CVE-2025-31672",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-31672"
},
{
"cve": "CVE-2025-48734",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2025-49146",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-49146"
},
{
"cve": "CVE-2025-50064",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50064"
},
{
"cve": "CVE-2025-50072",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50072"
},
{
"cve": "CVE-2025-50073",
"product_status": {
"known_affected": [
"T040467",
"751674",
"T034057",
"829576"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50073"
}
]
}
rhsa-2025:13010
Vulnerability from csaf_redhat
Published
2025-08-07 10:54
Modified
2025-08-07 15:07
Summary
Red Hat Security Advisory: Red Hat build of Quarkus 3.20.2 release and security update
Notes
Topic
An update is now available for Red Hat build of Quarkus.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section.
Details
This release of Red Hat build of Quarkus 3.20.2 includes the following CVE fixes:
* quarkus-bom: pgjdbc insecure authentication in channel binding [quarkus-3.20] (CVE-2025-49146)
* quarkus-bom: Quarkus potential data leak [quarkus-3.20] (CVE-2025-49574)
For more information, see the release notes page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat build of Quarkus.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Red Hat build of Quarkus 3.20.2 includes the following CVE fixes:\n\n* quarkus-bom: pgjdbc insecure authentication in channel binding [quarkus-3.20] (CVE-2025-49146)\n\n* quarkus-bom: Quarkus potential data leak [quarkus-3.20] (CVE-2025-49574)\n\nFor more information, see the release notes page listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:13010",
"url": "https://access.redhat.com/errata/RHSA-2025:13010"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/4966181",
"url": "https://access.redhat.com/articles/4966181"
},
{
"category": "external",
"summary": "https://access.redhat.com/products/quarkus/",
"url": "https://access.redhat.com/products/quarkus/"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=redhat.quarkus\u0026downloadType=distributions\u0026version=3.20.2",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=redhat.quarkus\u0026downloadType=distributions\u0026version=3.20.2"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_build_of_quarkus/3.20",
"url": "https://docs.redhat.com/en/documentation/red_hat_build_of_quarkus/3.20"
},
{
"category": "external",
"summary": "QUARKUS-5653",
"url": "https://issues.redhat.com/browse/QUARKUS-5653"
},
{
"category": "external",
"summary": "QUARKUS-5662",
"url": "https://issues.redhat.com/browse/QUARKUS-5662"
},
{
"category": "external",
"summary": "QUARKUS-5663",
"url": "https://issues.redhat.com/browse/QUARKUS-5663"
},
{
"category": "external",
"summary": "QUARKUS-5858",
"url": "https://issues.redhat.com/browse/QUARKUS-5858"
},
{
"category": "external",
"summary": "QUARKUS-6336",
"url": "https://issues.redhat.com/browse/QUARKUS-6336"
},
{
"category": "external",
"summary": "QUARKUS-6337",
"url": "https://issues.redhat.com/browse/QUARKUS-6337"
},
{
"category": "external",
"summary": "QUARKUS-6338",
"url": "https://issues.redhat.com/browse/QUARKUS-6338"
},
{
"category": "external",
"summary": "QUARKUS-6339",
"url": "https://issues.redhat.com/browse/QUARKUS-6339"
},
{
"category": "external",
"summary": "QUARKUS-6342",
"url": "https://issues.redhat.com/browse/QUARKUS-6342"
},
{
"category": "external",
"summary": "QUARKUS-6343",
"url": "https://issues.redhat.com/browse/QUARKUS-6343"
},
{
"category": "external",
"summary": "QUARKUS-6344",
"url": "https://issues.redhat.com/browse/QUARKUS-6344"
},
{
"category": "external",
"summary": "QUARKUS-6346",
"url": "https://issues.redhat.com/browse/QUARKUS-6346"
},
{
"category": "external",
"summary": "QUARKUS-6347",
"url": "https://issues.redhat.com/browse/QUARKUS-6347"
},
{
"category": "external",
"summary": "QUARKUS-6348",
"url": "https://issues.redhat.com/browse/QUARKUS-6348"
},
{
"category": "external",
"summary": "QUARKUS-6349",
"url": "https://issues.redhat.com/browse/QUARKUS-6349"
},
{
"category": "external",
"summary": "QUARKUS-6350",
"url": "https://issues.redhat.com/browse/QUARKUS-6350"
},
{
"category": "external",
"summary": "QUARKUS-6353",
"url": "https://issues.redhat.com/browse/QUARKUS-6353"
},
{
"category": "external",
"summary": "QUARKUS-6356",
"url": "https://issues.redhat.com/browse/QUARKUS-6356"
},
{
"category": "external",
"summary": "QUARKUS-6359",
"url": "https://issues.redhat.com/browse/QUARKUS-6359"
},
{
"category": "external",
"summary": "QUARKUS-6360",
"url": "https://issues.redhat.com/browse/QUARKUS-6360"
},
{
"category": "external",
"summary": "QUARKUS-6361",
"url": "https://issues.redhat.com/browse/QUARKUS-6361"
},
{
"category": "external",
"summary": "QUARKUS-6362",
"url": "https://issues.redhat.com/browse/QUARKUS-6362"
},
{
"category": "external",
"summary": "QUARKUS-6363",
"url": "https://issues.redhat.com/browse/QUARKUS-6363"
},
{
"category": "external",
"summary": "QUARKUS-6364",
"url": "https://issues.redhat.com/browse/QUARKUS-6364"
},
{
"category": "external",
"summary": "QUARKUS-6365",
"url": "https://issues.redhat.com/browse/QUARKUS-6365"
},
{
"category": "external",
"summary": "QUARKUS-6367",
"url": "https://issues.redhat.com/browse/QUARKUS-6367"
},
{
"category": "external",
"summary": "QUARKUS-6368",
"url": "https://issues.redhat.com/browse/QUARKUS-6368"
},
{
"category": "external",
"summary": "QUARKUS-6369",
"url": "https://issues.redhat.com/browse/QUARKUS-6369"
},
{
"category": "external",
"summary": "QUARKUS-6370",
"url": "https://issues.redhat.com/browse/QUARKUS-6370"
},
{
"category": "external",
"summary": "QUARKUS-6371",
"url": "https://issues.redhat.com/browse/QUARKUS-6371"
},
{
"category": "external",
"summary": "QUARKUS-6373",
"url": "https://issues.redhat.com/browse/QUARKUS-6373"
},
{
"category": "external",
"summary": "QUARKUS-6375",
"url": "https://issues.redhat.com/browse/QUARKUS-6375"
},
{
"category": "external",
"summary": "QUARKUS-6377",
"url": "https://issues.redhat.com/browse/QUARKUS-6377"
},
{
"category": "external",
"summary": "QUARKUS-6378",
"url": "https://issues.redhat.com/browse/QUARKUS-6378"
},
{
"category": "external",
"summary": "QUARKUS-6379",
"url": "https://issues.redhat.com/browse/QUARKUS-6379"
},
{
"category": "external",
"summary": "QUARKUS-6382",
"url": "https://issues.redhat.com/browse/QUARKUS-6382"
},
{
"category": "external",
"summary": "QUARKUS-6384",
"url": "https://issues.redhat.com/browse/QUARKUS-6384"
},
{
"category": "external",
"summary": "QUARKUS-6385",
"url": "https://issues.redhat.com/browse/QUARKUS-6385"
},
{
"category": "external",
"summary": "QUARKUS-6386",
"url": "https://issues.redhat.com/browse/QUARKUS-6386"
},
{
"category": "external",
"summary": "QUARKUS-6387",
"url": "https://issues.redhat.com/browse/QUARKUS-6387"
},
{
"category": "external",
"summary": "QUARKUS-6388",
"url": "https://issues.redhat.com/browse/QUARKUS-6388"
},
{
"category": "external",
"summary": "QUARKUS-6389",
"url": "https://issues.redhat.com/browse/QUARKUS-6389"
},
{
"category": "external",
"summary": "QUARKUS-6390",
"url": "https://issues.redhat.com/browse/QUARKUS-6390"
},
{
"category": "external",
"summary": "QUARKUS-6391",
"url": "https://issues.redhat.com/browse/QUARKUS-6391"
},
{
"category": "external",
"summary": "QUARKUS-6392",
"url": "https://issues.redhat.com/browse/QUARKUS-6392"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_13010.json"
}
],
"title": "Red Hat Security Advisory: Red Hat build of Quarkus 3.20.2 release and security update",
"tracking": {
"current_release_date": "2025-08-07T15:07:31+00:00",
"generator": {
"date": "2025-08-07T15:07:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2025:13010",
"initial_release_date": "2025-08-07T10:54:22+00:00",
"revision_history": [
{
"date": "2025-08-07T10:54:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-07T10:54:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-07T15:07:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat build of Quarkus 3.20.2",
"product": {
"name": "Red Hat build of Quarkus 3.20.2",
"product_id": "Red Hat build of Quarkus 3.20.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quarkus:3.20::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat build of Quarkus"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-49146",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2025-06-11T15:01:33.735376+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372307"
}
],
"notes": [
{
"category": "description",
"text": "A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves in the middle of a connection and intercept the connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pgjdbc: pgjdbc insecure authentication in channel binding",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Quarkus 3.20.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49146"
},
{
"category": "external",
"summary": "RHBZ#2372307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49146",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49146"
},
{
"category": "external",
"summary": "https://github.com/pgjdbc/pgjdbc/commit/9217ed16cb2918ab1b6b9258ae97e6ede244d8a0",
"url": "https://github.com/pgjdbc/pgjdbc/commit/9217ed16cb2918ab1b6b9258ae97e6ede244d8a0"
},
{
"category": "external",
"summary": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-hq9p-pm7w-8p54",
"url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-hq9p-pm7w-8p54"
}
],
"release_date": "2025-06-11T14:32:39.348000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-07T10:54:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Quarkus 3.20.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13010"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Quarkus 3.20.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Quarkus 3.20.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pgjdbc: pgjdbc insecure authentication in channel binding"
},
{
"cve": "CVE-2025-49574",
"cwe": {
"id": "CWE-668",
"name": "Exposure of Resource to Wrong Sphere"
},
"discovery_date": "2025-06-23T20:00:57.216622+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374376"
}
],
"notes": [
{
"category": "description",
"text": "A data leak vulnerability has been discovered in the io.quarkus:quarkus-vertx package. This flaw can lead to information disclosure if a Vert.x context that has already been duplicated is subsequently duplicated again. In such a scenario, sensitive data residing within that context may be unintentionally exposed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.quarkus/quarkus-vertx: Quarkus potential data leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Quarkus 3.20.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49574"
},
{
"category": "external",
"summary": "RHBZ#2374376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49574"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49574",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49574"
},
{
"category": "external",
"summary": "https://github.com/quarkusio/quarkus/commit/2b58f59f4bf0bae7d35b1abb585b65f2a66787d1",
"url": "https://github.com/quarkusio/quarkus/commit/2b58f59f4bf0bae7d35b1abb585b65f2a66787d1"
},
{
"category": "external",
"summary": "https://github.com/quarkusio/quarkus/issues/48227",
"url": "https://github.com/quarkusio/quarkus/issues/48227"
},
{
"category": "external",
"summary": "https://github.com/quarkusio/quarkus/security/advisories/GHSA-9623-mj7j-p9v4",
"url": "https://github.com/quarkusio/quarkus/security/advisories/GHSA-9623-mj7j-p9v4"
}
],
"release_date": "2025-06-23T19:47:05.454000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-07T10:54:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Quarkus 3.20.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13010"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Quarkus 3.20.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Quarkus 3.20.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "io.quarkus/quarkus-vertx: Quarkus potential data leak"
}
]
}
rhsa-2025:9697
Vulnerability from csaf_redhat
Published
2025-06-25 19:47
Modified
2025-08-07 15:05
Summary
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.10.3 for Spring Boot patch release.
Notes
Topic
Red Hat build of Apache Camel 4.10.3 for Spring Boot patch release and security update is now available.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
Red Hat build of Apache Camel 4.10.3 for Spring Boot patch release and security update is now available.
The purpose of this text-only errata is to inform you about the security issues
fixed.
Security Fix(es):
* jetty-server: Jetty: Gzip Request Body Buffer Corruption (CVE-2024-13009)
* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default (CVE-2025-48734)
* postgresql: pgjdbc insecure authentication in channel binding (CVE-2025-49146)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat build of Apache Camel 4.10.3 for Spring Boot patch release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives\na detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat build of Apache Camel 4.10.3 for Spring Boot patch release and security update is now available.\n\nThe purpose of this text-only errata is to inform you about the security issues\nfixed.\n\nSecurity Fix(es):\n \n* jetty-server: Jetty: Gzip Request Body Buffer Corruption (CVE-2024-13009)\n\n* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default (CVE-2025-48734)\n\n* postgresql: pgjdbc insecure authentication in channel binding (CVE-2025-49146)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:9697",
"url": "https://access.redhat.com/errata/RHSA-2025:9697"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2365135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365135"
},
{
"category": "external",
"summary": "2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "2372307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372307"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_9697.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Build of Apache Camel 4.10.3 for Spring Boot patch release.",
"tracking": {
"current_release_date": "2025-08-07T15:05:27+00:00",
"generator": {
"date": "2025-08-07T15:05:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2025:9697",
"initial_release_date": "2025-06-25T19:47:43+00:00",
"revision_history": [
{
"date": "2025-06-25T19:47:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-25T19:47:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-07T15:05:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7",
"product": {
"name": "Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7",
"product_id": "Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:apache_camel_spring_boot:4"
}
}
}
],
"category": "product_family",
"name": "Red Hat Build of Apache Camel"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-13009",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2025-05-08T18:00:47.047186+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2365135"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Jetty. This vulnerability allows corrupted and inadvertent data sharing between requests via a gzip error when inflating a request body. If the request body is malformed, the gzip decompression process can fail, resulting in the application inadvertently using data from a previous request when processing the current one.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-server: Jetty: Gzip Request Body Buffer Corruption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an IMPORTANT severity because a buffer management vulnerability exists within the GzipHandler\u0027s buffer release mechanism when encountering gzip errors during request body inflation, this flaw can lead to the incorrect release and subsequent inadvertent sharing and corruption of request body data between concurrent uncompressed requests, results in data exposure and incorrect processing of requests due to corrupted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-13009"
},
{
"category": "external",
"summary": "RHBZ#2365135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365135"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-13009",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13009"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/48",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/48"
}
],
"release_date": "2025-05-08T17:29:31.380000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T19:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9697"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty-server: Jetty: Gzip Request Body Buffer Corruption"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2025-05-28T14:00:56.619771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2368956"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity because a flaw exists in Apache Commons BeanUtils, where PropertyUtilsBean and BeanUtilsBean allow uncontrolled access to the declaredClass property of Java enum objects. Applications that pass untrusted property paths directly to getProperty() or getNestedProperty() methods are at risk, as attackers can exploit this behavior to retrieve the ClassLoader instance and execute arbitrary code in the context of the affected application. This issue leads to compromise of confidentiality, integrity, and availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48734"
},
{
"category": "external",
"summary": "RHBZ#2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9",
"url": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9"
},
{
"category": "external",
"summary": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc",
"url": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9",
"url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/05/28/6",
"url": "https://www.openwall.com/lists/oss-security/2025/05/28/6"
}
],
"release_date": "2025-05-28T13:32:08.300000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T19:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9697"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default"
},
{
"cve": "CVE-2025-49146",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2025-06-11T15:01:33.735376+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372307"
}
],
"notes": [
{
"category": "description",
"text": "A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves in the middle of a connection and intercept the connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pgjdbc: pgjdbc insecure authentication in channel binding",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49146"
},
{
"category": "external",
"summary": "RHBZ#2372307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49146",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49146"
},
{
"category": "external",
"summary": "https://github.com/pgjdbc/pgjdbc/commit/9217ed16cb2918ab1b6b9258ae97e6ede244d8a0",
"url": "https://github.com/pgjdbc/pgjdbc/commit/9217ed16cb2918ab1b6b9258ae97e6ede244d8a0"
},
{
"category": "external",
"summary": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-hq9p-pm7w-8p54",
"url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-hq9p-pm7w-8p54"
}
],
"release_date": "2025-06-11T14:32:39.348000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T19:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9697"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pgjdbc: pgjdbc insecure authentication in channel binding"
}
]
}
rhsa-2025:13274
Vulnerability from csaf_redhat
Published
2025-08-06 16:17
Modified
2025-08-07 15:06
Summary
Red Hat Security Advisory: Red Hat AMQ Broker 7.13.1 release and security update
Notes
Topic
Red Hat AMQ Broker 7.13.1 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.
This release of Red Hat AMQ Broker 7.13.1 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* (CVE-2025-1948) jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability
* (CVE-2025-48734) commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default
* (CVE-2025-49146) postgresql: pgjdbc insecure authentication in channel binding
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AMQ Broker 7.13.1 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.\n\nThis release of Red Hat AMQ Broker 7.13.1 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* (CVE-2025-1948) jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability\n* (CVE-2025-48734) commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default\n* (CVE-2025-49146) postgresql: pgjdbc insecure authentication in channel binding\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:13274",
"url": "https://access.redhat.com/errata/RHSA-2025:13274"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification#important",
"url": "https://access.redhat.com/security/updates/classification#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.13.1",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.13.1"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_amq_broker/7.13",
"url": "https://docs.redhat.com/en/documentation/red_hat_amq_broker/7.13"
},
{
"category": "external",
"summary": "2365137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365137"
},
{
"category": "external",
"summary": "2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "2372307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372307"
},
{
"category": "external",
"summary": "ENTMQBR-7388",
"url": "https://issues.redhat.com/browse/ENTMQBR-7388"
},
{
"category": "external",
"summary": "ENTMQBR-9783",
"url": "https://issues.redhat.com/browse/ENTMQBR-9783"
},
{
"category": "external",
"summary": "ENTMQBR-9821",
"url": "https://issues.redhat.com/browse/ENTMQBR-9821"
},
{
"category": "external",
"summary": "ENTMQBR-9838",
"url": "https://issues.redhat.com/browse/ENTMQBR-9838"
},
{
"category": "external",
"summary": "ENTMQBR-9840",
"url": "https://issues.redhat.com/browse/ENTMQBR-9840"
},
{
"category": "external",
"summary": "ENTMQBR-9843",
"url": "https://issues.redhat.com/browse/ENTMQBR-9843"
},
{
"category": "external",
"summary": "ENTMQBR-9873",
"url": "https://issues.redhat.com/browse/ENTMQBR-9873"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_13274.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AMQ Broker 7.13.1 release and security update",
"tracking": {
"current_release_date": "2025-08-07T15:06:00+00:00",
"generator": {
"date": "2025-08-07T15:06:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2025:13274",
"initial_release_date": "2025-08-06T16:17:31+00:00",
"revision_history": [
{
"date": "2025-08-06T16:17:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-06T16:17:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-07T15:06:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AMQ Broker 7.13.1",
"product": {
"name": "Red Hat AMQ Broker 7.13.1",
"product_id": "Red Hat AMQ Broker 7.13.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_broker:7.13"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss AMQ"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-1948",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-05-08T18:00:52.156301+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2365137"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGS_MAX_HEADER_LIST_SIZE parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7.13.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-1948"
},
{
"category": "external",
"summary": "RHBZ#2365137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365137"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-1948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1948"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-1948",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1948"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/56",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/56"
}
],
"release_date": "2025-05-08T17:48:40.831000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-06T16:17:31+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Broker 7.13.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13274"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AMQ Broker 7.13.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7.13.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2025-05-28T14:00:56.619771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2368956"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity because a flaw exists in Apache Commons BeanUtils, where PropertyUtilsBean and BeanUtilsBean allow uncontrolled access to the declaredClass property of Java enum objects. Applications that pass untrusted property paths directly to getProperty() or getNestedProperty() methods are at risk, as attackers can exploit this behavior to retrieve the ClassLoader instance and execute arbitrary code in the context of the affected application. This issue leads to compromise of confidentiality, integrity, and availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7.13.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48734"
},
{
"category": "external",
"summary": "RHBZ#2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9",
"url": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9"
},
{
"category": "external",
"summary": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc",
"url": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9",
"url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/05/28/6",
"url": "https://www.openwall.com/lists/oss-security/2025/05/28/6"
}
],
"release_date": "2025-05-28T13:32:08.300000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-06T16:17:31+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Broker 7.13.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13274"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7.13.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default"
},
{
"cve": "CVE-2025-49146",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2025-06-11T15:01:33.735376+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372307"
}
],
"notes": [
{
"category": "description",
"text": "A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves in the middle of a connection and intercept the connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pgjdbc: pgjdbc insecure authentication in channel binding",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7.13.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49146"
},
{
"category": "external",
"summary": "RHBZ#2372307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49146",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49146"
},
{
"category": "external",
"summary": "https://github.com/pgjdbc/pgjdbc/commit/9217ed16cb2918ab1b6b9258ae97e6ede244d8a0",
"url": "https://github.com/pgjdbc/pgjdbc/commit/9217ed16cb2918ab1b6b9258ae97e6ede244d8a0"
},
{
"category": "external",
"summary": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-hq9p-pm7w-8p54",
"url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-hq9p-pm7w-8p54"
}
],
"release_date": "2025-06-11T14:32:39.348000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-06T16:17:31+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Broker 7.13.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13274"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AMQ Broker 7.13.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7.13.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pgjdbc: pgjdbc insecure authentication in channel binding"
}
]
}
rhsa-2025:10323
Vulnerability from csaf_redhat
Published
2025-07-03 12:45
Modified
2025-08-12 09:11
Summary
Red Hat Security Advisory: Red Hat build of Cryostat security update
Notes
Topic
An update is now available for the Red Hat build of Cryostat 4 on RHEL 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
An update is now available for the Red Hat build of Cryostat 4 on RHEL 9.
Security Fix(es):
* pgjdbc: pgjdbc insecure authentication in channel binding (CVE-2025-49146)
* net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for the Red Hat build of Cryostat 4 on RHEL 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "An update is now available for the Red Hat build of Cryostat 4 on RHEL 9.\n\nSecurity Fix(es):\n\n* pgjdbc: pgjdbc insecure authentication in channel binding (CVE-2025-49146)\n* net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:10323",
"url": "https://access.redhat.com/errata/RHSA-2025:10323"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2358493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
},
{
"category": "external",
"summary": "2372307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372307"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10323.json"
}
],
"title": "Red Hat Security Advisory: Red Hat build of Cryostat security update",
"tracking": {
"current_release_date": "2025-08-12T09:11:10+00:00",
"generator": {
"date": "2025-08-12T09:11:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2025:10323",
"initial_release_date": "2025-07-03T12:45:38+00:00",
"revision_history": [
{
"date": "2025-07-03T12:45:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-03T12:45:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-12T09:11:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Cryostat 4 on RHEL 9",
"product": {
"name": "Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cryostat:4::el9"
}
}
}
],
"category": "product_family",
"name": "Cryostat"
},
{
"branches": [
{
"category": "product_version",
"name": "cryostat/cryostat-agent-init-rhel9@sha256:aa01ceadbd32d164f7feb7caaa2c58297b899155d3a3599c874c83bd9f57feaf_arm64",
"product": {
"name": "cryostat/cryostat-agent-init-rhel9@sha256:aa01ceadbd32d164f7feb7caaa2c58297b899155d3a3599c874c83bd9f57feaf_arm64",
"product_id": "cryostat/cryostat-agent-init-rhel9@sha256:aa01ceadbd32d164f7feb7caaa2c58297b899155d3a3599c874c83bd9f57feaf_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-agent-init-rhel9@sha256:aa01ceadbd32d164f7feb7caaa2c58297b899155d3a3599c874c83bd9f57feaf?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-agent-init-rhel9\u0026tag=0.5.1-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-db-rhel9@sha256:6005d655a5a31306699b6188bb4ece4f8db0babf1b55dd4400aecc1ef5ade929_arm64",
"product": {
"name": "cryostat/cryostat-db-rhel9@sha256:6005d655a5a31306699b6188bb4ece4f8db0babf1b55dd4400aecc1ef5ade929_arm64",
"product_id": "cryostat/cryostat-db-rhel9@sha256:6005d655a5a31306699b6188bb4ece4f8db0babf1b55dd4400aecc1ef5ade929_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-db-rhel9@sha256:6005d655a5a31306699b6188bb4ece4f8db0babf1b55dd4400aecc1ef5ade929?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-db-rhel9\u0026tag=4.0.1-5"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:131c25a073ea4c1d5d3c769471ec7b20ee36f87cd53f1bb647c7f26128f343de_arm64",
"product": {
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:131c25a073ea4c1d5d3c769471ec7b20ee36f87cd53f1bb647c7f26128f343de_arm64",
"product_id": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:131c25a073ea4c1d5d3c769471ec7b20ee36f87cd53f1bb647c7f26128f343de_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-grafana-dashboard-rhel9@sha256:131c25a073ea4c1d5d3c769471ec7b20ee36f87cd53f1bb647c7f26128f343de?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-grafana-dashboard-rhel9\u0026tag=4.0.1-4"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:4d2c7508e6314333cd44ff44b60b7f4fd8aa9ce311abd42f820664681b17aa5f_arm64",
"product": {
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:4d2c7508e6314333cd44ff44b60b7f4fd8aa9ce311abd42f820664681b17aa5f_arm64",
"product_id": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:4d2c7508e6314333cd44ff44b60b7f4fd8aa9ce311abd42f820664681b17aa5f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-openshift-console-plugin-rhel9@sha256:4d2c7508e6314333cd44ff44b60b7f4fd8aa9ce311abd42f820664681b17aa5f?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-openshift-console-plugin-rhel9\u0026tag=4.0.1-3"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:2c6ed9078f50ac596532748df08fa6ab94ee5a0013832a70e21d82e0986f352e_arm64",
"product": {
"name": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:2c6ed9078f50ac596532748df08fa6ab94ee5a0013832a70e21d82e0986f352e_arm64",
"product_id": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:2c6ed9078f50ac596532748df08fa6ab94ee5a0013832a70e21d82e0986f352e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-ose-oauth-proxy-rhel9@sha256:2c6ed9078f50ac596532748df08fa6ab94ee5a0013832a70e21d82e0986f352e?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-ose-oauth-proxy-rhel9\u0026tag=4.0.1-5"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-reports-rhel9@sha256:51e431b8322892158c98ef5167c5969ca7be393e8d3604c5edcb1b6fbae9f903_arm64",
"product": {
"name": "cryostat/cryostat-reports-rhel9@sha256:51e431b8322892158c98ef5167c5969ca7be393e8d3604c5edcb1b6fbae9f903_arm64",
"product_id": "cryostat/cryostat-reports-rhel9@sha256:51e431b8322892158c98ef5167c5969ca7be393e8d3604c5edcb1b6fbae9f903_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-reports-rhel9@sha256:51e431b8322892158c98ef5167c5969ca7be393e8d3604c5edcb1b6fbae9f903?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-reports-rhel9\u0026tag=4.0.1-3"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-rhel9@sha256:6ba83d32690961d0d460d82f0e55515b2d65a6b61b7bcc42f793c24b5edec1bd_arm64",
"product": {
"name": "cryostat/cryostat-rhel9@sha256:6ba83d32690961d0d460d82f0e55515b2d65a6b61b7bcc42f793c24b5edec1bd_arm64",
"product_id": "cryostat/cryostat-rhel9@sha256:6ba83d32690961d0d460d82f0e55515b2d65a6b61b7bcc42f793c24b5edec1bd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel9@sha256:6ba83d32690961d0d460d82f0e55515b2d65a6b61b7bcc42f793c24b5edec1bd?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9\u0026tag=4.0.1-3"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-operator-bundle@sha256:379db267d1a41c692837d46f28e67b8ec7116bc2039983e4a75af8a4233d854e_arm64",
"product": {
"name": "cryostat/cryostat-operator-bundle@sha256:379db267d1a41c692837d46f28e67b8ec7116bc2039983e4a75af8a4233d854e_arm64",
"product_id": "cryostat/cryostat-operator-bundle@sha256:379db267d1a41c692837d46f28e67b8ec7116bc2039983e4a75af8a4233d854e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-operator-bundle@sha256:379db267d1a41c692837d46f28e67b8ec7116bc2039983e4a75af8a4233d854e?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-operator-bundle\u0026tag=4.0.1-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-rhel9-operator@sha256:7ee8a548ff6dcf60f03c343d0855f31971be31dbd22f860e78cbbdb47431286d_arm64",
"product": {
"name": "cryostat/cryostat-rhel9-operator@sha256:7ee8a548ff6dcf60f03c343d0855f31971be31dbd22f860e78cbbdb47431286d_arm64",
"product_id": "cryostat/cryostat-rhel9-operator@sha256:7ee8a548ff6dcf60f03c343d0855f31971be31dbd22f860e78cbbdb47431286d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel9-operator@sha256:7ee8a548ff6dcf60f03c343d0855f31971be31dbd22f860e78cbbdb47431286d?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9-operator\u0026tag=4.0.1-5"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-storage-rhel9@sha256:76a9c70cb1c3061ad99c1d85d78e9f401ad340afd89ed2a5ddcad66fa694f9f1_arm64",
"product": {
"name": "cryostat/cryostat-storage-rhel9@sha256:76a9c70cb1c3061ad99c1d85d78e9f401ad340afd89ed2a5ddcad66fa694f9f1_arm64",
"product_id": "cryostat/cryostat-storage-rhel9@sha256:76a9c70cb1c3061ad99c1d85d78e9f401ad340afd89ed2a5ddcad66fa694f9f1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-storage-rhel9@sha256:76a9c70cb1c3061ad99c1d85d78e9f401ad340afd89ed2a5ddcad66fa694f9f1?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-storage-rhel9\u0026tag=4.0.1-5"
}
}
},
{
"category": "product_version",
"name": "cryostat/jfr-datasource-rhel9@sha256:bbb5fda56e73084e91f6ea8f1b32bd642fbe02163efba82d3e70166968313da3_arm64",
"product": {
"name": "cryostat/jfr-datasource-rhel9@sha256:bbb5fda56e73084e91f6ea8f1b32bd642fbe02163efba82d3e70166968313da3_arm64",
"product_id": "cryostat/jfr-datasource-rhel9@sha256:bbb5fda56e73084e91f6ea8f1b32bd642fbe02163efba82d3e70166968313da3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jfr-datasource-rhel9@sha256:bbb5fda56e73084e91f6ea8f1b32bd642fbe02163efba82d3e70166968313da3?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/jfr-datasource-rhel9\u0026tag=4.0.1-3"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "cryostat/cryostat-agent-init-rhel9@sha256:d08b2861242a21f3beb558cbbe1d9e7fda14cd64a98a5353fa22c9bcfaf04ec5_amd64",
"product": {
"name": "cryostat/cryostat-agent-init-rhel9@sha256:d08b2861242a21f3beb558cbbe1d9e7fda14cd64a98a5353fa22c9bcfaf04ec5_amd64",
"product_id": "cryostat/cryostat-agent-init-rhel9@sha256:d08b2861242a21f3beb558cbbe1d9e7fda14cd64a98a5353fa22c9bcfaf04ec5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-agent-init-rhel9@sha256:d08b2861242a21f3beb558cbbe1d9e7fda14cd64a98a5353fa22c9bcfaf04ec5?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-agent-init-rhel9\u0026tag=0.5.1-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-db-rhel9@sha256:90561085fd86da05310ac57e3f97de218a69b7a5e696b74b743d1afdc444fa2f_amd64",
"product": {
"name": "cryostat/cryostat-db-rhel9@sha256:90561085fd86da05310ac57e3f97de218a69b7a5e696b74b743d1afdc444fa2f_amd64",
"product_id": "cryostat/cryostat-db-rhel9@sha256:90561085fd86da05310ac57e3f97de218a69b7a5e696b74b743d1afdc444fa2f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-db-rhel9@sha256:90561085fd86da05310ac57e3f97de218a69b7a5e696b74b743d1afdc444fa2f?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-db-rhel9\u0026tag=4.0.1-5"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:e6c71b8d8d6a0ec6a7a3565be7520386220269237ccd7ed3e000c237a8d079cc_amd64",
"product": {
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:e6c71b8d8d6a0ec6a7a3565be7520386220269237ccd7ed3e000c237a8d079cc_amd64",
"product_id": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:e6c71b8d8d6a0ec6a7a3565be7520386220269237ccd7ed3e000c237a8d079cc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-grafana-dashboard-rhel9@sha256:e6c71b8d8d6a0ec6a7a3565be7520386220269237ccd7ed3e000c237a8d079cc?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-grafana-dashboard-rhel9\u0026tag=4.0.1-4"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:1c747d0841043cd68d1fb7f145575126028880e1f5cf2c779f5b94ea7add9df3_amd64",
"product": {
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:1c747d0841043cd68d1fb7f145575126028880e1f5cf2c779f5b94ea7add9df3_amd64",
"product_id": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:1c747d0841043cd68d1fb7f145575126028880e1f5cf2c779f5b94ea7add9df3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-openshift-console-plugin-rhel9@sha256:1c747d0841043cd68d1fb7f145575126028880e1f5cf2c779f5b94ea7add9df3?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-openshift-console-plugin-rhel9\u0026tag=4.0.1-3"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:8ac34200ee4ae6fe029b764f4583853012403bec5ba4976f55e21b73809bb37c_amd64",
"product": {
"name": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:8ac34200ee4ae6fe029b764f4583853012403bec5ba4976f55e21b73809bb37c_amd64",
"product_id": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:8ac34200ee4ae6fe029b764f4583853012403bec5ba4976f55e21b73809bb37c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-ose-oauth-proxy-rhel9@sha256:8ac34200ee4ae6fe029b764f4583853012403bec5ba4976f55e21b73809bb37c?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-ose-oauth-proxy-rhel9\u0026tag=4.0.1-5"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-reports-rhel9@sha256:93c9bc777689846ce98d380a9e40510e0335650098c4f1cd78d6e22708b665e9_amd64",
"product": {
"name": "cryostat/cryostat-reports-rhel9@sha256:93c9bc777689846ce98d380a9e40510e0335650098c4f1cd78d6e22708b665e9_amd64",
"product_id": "cryostat/cryostat-reports-rhel9@sha256:93c9bc777689846ce98d380a9e40510e0335650098c4f1cd78d6e22708b665e9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-reports-rhel9@sha256:93c9bc777689846ce98d380a9e40510e0335650098c4f1cd78d6e22708b665e9?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-reports-rhel9\u0026tag=4.0.1-3"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-rhel9@sha256:da64589a8fd2ddfe48c41dbf62b24a567ea443d2861dfe6a7a3eaf64d0d26749_amd64",
"product": {
"name": "cryostat/cryostat-rhel9@sha256:da64589a8fd2ddfe48c41dbf62b24a567ea443d2861dfe6a7a3eaf64d0d26749_amd64",
"product_id": "cryostat/cryostat-rhel9@sha256:da64589a8fd2ddfe48c41dbf62b24a567ea443d2861dfe6a7a3eaf64d0d26749_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel9@sha256:da64589a8fd2ddfe48c41dbf62b24a567ea443d2861dfe6a7a3eaf64d0d26749?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9\u0026tag=4.0.1-3"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-operator-bundle@sha256:9e988f77ee49c4dfd6be170995bc4e06146a8d9aa534cfd72d7317d4ffdbd4d1_amd64",
"product": {
"name": "cryostat/cryostat-operator-bundle@sha256:9e988f77ee49c4dfd6be170995bc4e06146a8d9aa534cfd72d7317d4ffdbd4d1_amd64",
"product_id": "cryostat/cryostat-operator-bundle@sha256:9e988f77ee49c4dfd6be170995bc4e06146a8d9aa534cfd72d7317d4ffdbd4d1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-operator-bundle@sha256:9e988f77ee49c4dfd6be170995bc4e06146a8d9aa534cfd72d7317d4ffdbd4d1?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-operator-bundle\u0026tag=4.0.1-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-rhel9-operator@sha256:a5256c3b639babff0f7ce7e1703496de30678cc66a4e75fc9fa5aa598af85c3d_amd64",
"product": {
"name": "cryostat/cryostat-rhel9-operator@sha256:a5256c3b639babff0f7ce7e1703496de30678cc66a4e75fc9fa5aa598af85c3d_amd64",
"product_id": "cryostat/cryostat-rhel9-operator@sha256:a5256c3b639babff0f7ce7e1703496de30678cc66a4e75fc9fa5aa598af85c3d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel9-operator@sha256:a5256c3b639babff0f7ce7e1703496de30678cc66a4e75fc9fa5aa598af85c3d?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9-operator\u0026tag=4.0.1-5"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-storage-rhel9@sha256:372f7df5da148869525a6d92726f6d9ba877e8b225ef2c23bd87248f5b209e79_amd64",
"product": {
"name": "cryostat/cryostat-storage-rhel9@sha256:372f7df5da148869525a6d92726f6d9ba877e8b225ef2c23bd87248f5b209e79_amd64",
"product_id": "cryostat/cryostat-storage-rhel9@sha256:372f7df5da148869525a6d92726f6d9ba877e8b225ef2c23bd87248f5b209e79_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-storage-rhel9@sha256:372f7df5da148869525a6d92726f6d9ba877e8b225ef2c23bd87248f5b209e79?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-storage-rhel9\u0026tag=4.0.1-5"
}
}
},
{
"category": "product_version",
"name": "cryostat/jfr-datasource-rhel9@sha256:0827195b202e1a0783535915d03eeaad933af6834e7e5f8addf5ff47bcc8d744_amd64",
"product": {
"name": "cryostat/jfr-datasource-rhel9@sha256:0827195b202e1a0783535915d03eeaad933af6834e7e5f8addf5ff47bcc8d744_amd64",
"product_id": "cryostat/jfr-datasource-rhel9@sha256:0827195b202e1a0783535915d03eeaad933af6834e7e5f8addf5ff47bcc8d744_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jfr-datasource-rhel9@sha256:0827195b202e1a0783535915d03eeaad933af6834e7e5f8addf5ff47bcc8d744?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/jfr-datasource-rhel9\u0026tag=4.0.1-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-agent-init-rhel9@sha256:aa01ceadbd32d164f7feb7caaa2c58297b899155d3a3599c874c83bd9f57feaf_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:aa01ceadbd32d164f7feb7caaa2c58297b899155d3a3599c874c83bd9f57feaf_arm64"
},
"product_reference": "cryostat/cryostat-agent-init-rhel9@sha256:aa01ceadbd32d164f7feb7caaa2c58297b899155d3a3599c874c83bd9f57feaf_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-agent-init-rhel9@sha256:d08b2861242a21f3beb558cbbe1d9e7fda14cd64a98a5353fa22c9bcfaf04ec5_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:d08b2861242a21f3beb558cbbe1d9e7fda14cd64a98a5353fa22c9bcfaf04ec5_amd64"
},
"product_reference": "cryostat/cryostat-agent-init-rhel9@sha256:d08b2861242a21f3beb558cbbe1d9e7fda14cd64a98a5353fa22c9bcfaf04ec5_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-db-rhel9@sha256:6005d655a5a31306699b6188bb4ece4f8db0babf1b55dd4400aecc1ef5ade929_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6005d655a5a31306699b6188bb4ece4f8db0babf1b55dd4400aecc1ef5ade929_arm64"
},
"product_reference": "cryostat/cryostat-db-rhel9@sha256:6005d655a5a31306699b6188bb4ece4f8db0babf1b55dd4400aecc1ef5ade929_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-db-rhel9@sha256:90561085fd86da05310ac57e3f97de218a69b7a5e696b74b743d1afdc444fa2f_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:90561085fd86da05310ac57e3f97de218a69b7a5e696b74b743d1afdc444fa2f_amd64"
},
"product_reference": "cryostat/cryostat-db-rhel9@sha256:90561085fd86da05310ac57e3f97de218a69b7a5e696b74b743d1afdc444fa2f_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:131c25a073ea4c1d5d3c769471ec7b20ee36f87cd53f1bb647c7f26128f343de_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:131c25a073ea4c1d5d3c769471ec7b20ee36f87cd53f1bb647c7f26128f343de_arm64"
},
"product_reference": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:131c25a073ea4c1d5d3c769471ec7b20ee36f87cd53f1bb647c7f26128f343de_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:e6c71b8d8d6a0ec6a7a3565be7520386220269237ccd7ed3e000c237a8d079cc_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:e6c71b8d8d6a0ec6a7a3565be7520386220269237ccd7ed3e000c237a8d079cc_amd64"
},
"product_reference": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:e6c71b8d8d6a0ec6a7a3565be7520386220269237ccd7ed3e000c237a8d079cc_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:1c747d0841043cd68d1fb7f145575126028880e1f5cf2c779f5b94ea7add9df3_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:1c747d0841043cd68d1fb7f145575126028880e1f5cf2c779f5b94ea7add9df3_amd64"
},
"product_reference": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:1c747d0841043cd68d1fb7f145575126028880e1f5cf2c779f5b94ea7add9df3_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:4d2c7508e6314333cd44ff44b60b7f4fd8aa9ce311abd42f820664681b17aa5f_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:4d2c7508e6314333cd44ff44b60b7f4fd8aa9ce311abd42f820664681b17aa5f_arm64"
},
"product_reference": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:4d2c7508e6314333cd44ff44b60b7f4fd8aa9ce311abd42f820664681b17aa5f_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-operator-bundle@sha256:379db267d1a41c692837d46f28e67b8ec7116bc2039983e4a75af8a4233d854e_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:379db267d1a41c692837d46f28e67b8ec7116bc2039983e4a75af8a4233d854e_arm64"
},
"product_reference": "cryostat/cryostat-operator-bundle@sha256:379db267d1a41c692837d46f28e67b8ec7116bc2039983e4a75af8a4233d854e_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-operator-bundle@sha256:9e988f77ee49c4dfd6be170995bc4e06146a8d9aa534cfd72d7317d4ffdbd4d1_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:9e988f77ee49c4dfd6be170995bc4e06146a8d9aa534cfd72d7317d4ffdbd4d1_amd64"
},
"product_reference": "cryostat/cryostat-operator-bundle@sha256:9e988f77ee49c4dfd6be170995bc4e06146a8d9aa534cfd72d7317d4ffdbd4d1_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:2c6ed9078f50ac596532748df08fa6ab94ee5a0013832a70e21d82e0986f352e_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:2c6ed9078f50ac596532748df08fa6ab94ee5a0013832a70e21d82e0986f352e_arm64"
},
"product_reference": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:2c6ed9078f50ac596532748df08fa6ab94ee5a0013832a70e21d82e0986f352e_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:8ac34200ee4ae6fe029b764f4583853012403bec5ba4976f55e21b73809bb37c_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:8ac34200ee4ae6fe029b764f4583853012403bec5ba4976f55e21b73809bb37c_amd64"
},
"product_reference": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:8ac34200ee4ae6fe029b764f4583853012403bec5ba4976f55e21b73809bb37c_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-reports-rhel9@sha256:51e431b8322892158c98ef5167c5969ca7be393e8d3604c5edcb1b6fbae9f903_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:51e431b8322892158c98ef5167c5969ca7be393e8d3604c5edcb1b6fbae9f903_arm64"
},
"product_reference": "cryostat/cryostat-reports-rhel9@sha256:51e431b8322892158c98ef5167c5969ca7be393e8d3604c5edcb1b6fbae9f903_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-reports-rhel9@sha256:93c9bc777689846ce98d380a9e40510e0335650098c4f1cd78d6e22708b665e9_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:93c9bc777689846ce98d380a9e40510e0335650098c4f1cd78d6e22708b665e9_amd64"
},
"product_reference": "cryostat/cryostat-reports-rhel9@sha256:93c9bc777689846ce98d380a9e40510e0335650098c4f1cd78d6e22708b665e9_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-rhel9-operator@sha256:7ee8a548ff6dcf60f03c343d0855f31971be31dbd22f860e78cbbdb47431286d_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:7ee8a548ff6dcf60f03c343d0855f31971be31dbd22f860e78cbbdb47431286d_arm64"
},
"product_reference": "cryostat/cryostat-rhel9-operator@sha256:7ee8a548ff6dcf60f03c343d0855f31971be31dbd22f860e78cbbdb47431286d_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-rhel9-operator@sha256:a5256c3b639babff0f7ce7e1703496de30678cc66a4e75fc9fa5aa598af85c3d_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a5256c3b639babff0f7ce7e1703496de30678cc66a4e75fc9fa5aa598af85c3d_amd64"
},
"product_reference": "cryostat/cryostat-rhel9-operator@sha256:a5256c3b639babff0f7ce7e1703496de30678cc66a4e75fc9fa5aa598af85c3d_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-rhel9@sha256:6ba83d32690961d0d460d82f0e55515b2d65a6b61b7bcc42f793c24b5edec1bd_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:6ba83d32690961d0d460d82f0e55515b2d65a6b61b7bcc42f793c24b5edec1bd_arm64"
},
"product_reference": "cryostat/cryostat-rhel9@sha256:6ba83d32690961d0d460d82f0e55515b2d65a6b61b7bcc42f793c24b5edec1bd_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-rhel9@sha256:da64589a8fd2ddfe48c41dbf62b24a567ea443d2861dfe6a7a3eaf64d0d26749_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:da64589a8fd2ddfe48c41dbf62b24a567ea443d2861dfe6a7a3eaf64d0d26749_amd64"
},
"product_reference": "cryostat/cryostat-rhel9@sha256:da64589a8fd2ddfe48c41dbf62b24a567ea443d2861dfe6a7a3eaf64d0d26749_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-storage-rhel9@sha256:372f7df5da148869525a6d92726f6d9ba877e8b225ef2c23bd87248f5b209e79_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:372f7df5da148869525a6d92726f6d9ba877e8b225ef2c23bd87248f5b209e79_amd64"
},
"product_reference": "cryostat/cryostat-storage-rhel9@sha256:372f7df5da148869525a6d92726f6d9ba877e8b225ef2c23bd87248f5b209e79_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-storage-rhel9@sha256:76a9c70cb1c3061ad99c1d85d78e9f401ad340afd89ed2a5ddcad66fa694f9f1_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:76a9c70cb1c3061ad99c1d85d78e9f401ad340afd89ed2a5ddcad66fa694f9f1_arm64"
},
"product_reference": "cryostat/cryostat-storage-rhel9@sha256:76a9c70cb1c3061ad99c1d85d78e9f401ad340afd89ed2a5ddcad66fa694f9f1_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/jfr-datasource-rhel9@sha256:0827195b202e1a0783535915d03eeaad933af6834e7e5f8addf5ff47bcc8d744_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:0827195b202e1a0783535915d03eeaad933af6834e7e5f8addf5ff47bcc8d744_amd64"
},
"product_reference": "cryostat/jfr-datasource-rhel9@sha256:0827195b202e1a0783535915d03eeaad933af6834e7e5f8addf5ff47bcc8d744_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/jfr-datasource-rhel9@sha256:bbb5fda56e73084e91f6ea8f1b32bd642fbe02163efba82d3e70166968313da3_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:bbb5fda56e73084e91f6ea8f1b32bd642fbe02163efba82d3e70166968313da3_arm64"
},
"product_reference": "cryostat/jfr-datasource-rhel9@sha256:bbb5fda56e73084e91f6ea8f1b32bd642fbe02163efba82d3e70166968313da3_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22871",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-04-08T21:01:32.229479+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358493"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling\u2014where an attacker tricks the system to send hidden or unauthorized requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite includes affected component however product is not directly impacted since the vulnerability arises when \"net/http\" is used as a server. Satellite uses it solely as a client, so it\u0027s not exposed to the flaw. Product Security has assessed this as Low severity.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027) vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform uses secure, encrypted HTTPS connections over TLS 1.2 to reduce the risk of smuggling attacks by preventing the injection of ambiguous or malformed requests between components. The environment employs IPS/IDS and antimalware solutions to detect and block malicious code while ensuring consistent interpretation of HTTP requests across network layers, mitigating request/response inconsistencies. Event logs are collected and analyzed for centralization, correlation, monitoring, alerting, and retention, enabling the detection of malformed or suspicious HTTP traffic. Static code analysis and peer reviews enforce strong input validation and error handling to ensure all user inputs adhere to HTTP protocol specifications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:aa01ceadbd32d164f7feb7caaa2c58297b899155d3a3599c874c83bd9f57feaf_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:d08b2861242a21f3beb558cbbe1d9e7fda14cd64a98a5353fa22c9bcfaf04ec5_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6005d655a5a31306699b6188bb4ece4f8db0babf1b55dd4400aecc1ef5ade929_arm64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:90561085fd86da05310ac57e3f97de218a69b7a5e696b74b743d1afdc444fa2f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:131c25a073ea4c1d5d3c769471ec7b20ee36f87cd53f1bb647c7f26128f343de_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:e6c71b8d8d6a0ec6a7a3565be7520386220269237ccd7ed3e000c237a8d079cc_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:1c747d0841043cd68d1fb7f145575126028880e1f5cf2c779f5b94ea7add9df3_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:4d2c7508e6314333cd44ff44b60b7f4fd8aa9ce311abd42f820664681b17aa5f_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:379db267d1a41c692837d46f28e67b8ec7116bc2039983e4a75af8a4233d854e_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:9e988f77ee49c4dfd6be170995bc4e06146a8d9aa534cfd72d7317d4ffdbd4d1_amd64",
"9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:2c6ed9078f50ac596532748df08fa6ab94ee5a0013832a70e21d82e0986f352e_arm64",
"9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:8ac34200ee4ae6fe029b764f4583853012403bec5ba4976f55e21b73809bb37c_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:51e431b8322892158c98ef5167c5969ca7be393e8d3604c5edcb1b6fbae9f903_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:93c9bc777689846ce98d380a9e40510e0335650098c4f1cd78d6e22708b665e9_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:7ee8a548ff6dcf60f03c343d0855f31971be31dbd22f860e78cbbdb47431286d_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a5256c3b639babff0f7ce7e1703496de30678cc66a4e75fc9fa5aa598af85c3d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:6ba83d32690961d0d460d82f0e55515b2d65a6b61b7bcc42f793c24b5edec1bd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:da64589a8fd2ddfe48c41dbf62b24a567ea443d2861dfe6a7a3eaf64d0d26749_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:372f7df5da148869525a6d92726f6d9ba877e8b225ef2c23bd87248f5b209e79_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:76a9c70cb1c3061ad99c1d85d78e9f401ad340afd89ed2a5ddcad66fa694f9f1_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:0827195b202e1a0783535915d03eeaad933af6834e7e5f8addf5ff47bcc8d744_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:bbb5fda56e73084e91f6ea8f1b32bd642fbe02163efba82d3e70166968313da3_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22871"
},
{
"category": "external",
"summary": "RHBZ#2358493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871"
},
{
"category": "external",
"summary": "https://go.dev/cl/652998",
"url": "https://go.dev/cl/652998"
},
{
"category": "external",
"summary": "https://go.dev/issue/71988",
"url": "https://go.dev/issue/71988"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk",
"url": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3563",
"url": "https://pkg.go.dev/vuln/GO-2025-3563"
}
],
"release_date": "2025-04-08T20:04:34.769000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-03T12:45:38+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:aa01ceadbd32d164f7feb7caaa2c58297b899155d3a3599c874c83bd9f57feaf_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:d08b2861242a21f3beb558cbbe1d9e7fda14cd64a98a5353fa22c9bcfaf04ec5_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6005d655a5a31306699b6188bb4ece4f8db0babf1b55dd4400aecc1ef5ade929_arm64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:90561085fd86da05310ac57e3f97de218a69b7a5e696b74b743d1afdc444fa2f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:131c25a073ea4c1d5d3c769471ec7b20ee36f87cd53f1bb647c7f26128f343de_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:e6c71b8d8d6a0ec6a7a3565be7520386220269237ccd7ed3e000c237a8d079cc_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:1c747d0841043cd68d1fb7f145575126028880e1f5cf2c779f5b94ea7add9df3_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:4d2c7508e6314333cd44ff44b60b7f4fd8aa9ce311abd42f820664681b17aa5f_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:379db267d1a41c692837d46f28e67b8ec7116bc2039983e4a75af8a4233d854e_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:9e988f77ee49c4dfd6be170995bc4e06146a8d9aa534cfd72d7317d4ffdbd4d1_amd64",
"9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:2c6ed9078f50ac596532748df08fa6ab94ee5a0013832a70e21d82e0986f352e_arm64",
"9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:8ac34200ee4ae6fe029b764f4583853012403bec5ba4976f55e21b73809bb37c_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:51e431b8322892158c98ef5167c5969ca7be393e8d3604c5edcb1b6fbae9f903_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:93c9bc777689846ce98d380a9e40510e0335650098c4f1cd78d6e22708b665e9_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:7ee8a548ff6dcf60f03c343d0855f31971be31dbd22f860e78cbbdb47431286d_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a5256c3b639babff0f7ce7e1703496de30678cc66a4e75fc9fa5aa598af85c3d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:6ba83d32690961d0d460d82f0e55515b2d65a6b61b7bcc42f793c24b5edec1bd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:da64589a8fd2ddfe48c41dbf62b24a567ea443d2861dfe6a7a3eaf64d0d26749_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:372f7df5da148869525a6d92726f6d9ba877e8b225ef2c23bd87248f5b209e79_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:76a9c70cb1c3061ad99c1d85d78e9f401ad340afd89ed2a5ddcad66fa694f9f1_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:0827195b202e1a0783535915d03eeaad933af6834e7e5f8addf5ff47bcc8d744_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:bbb5fda56e73084e91f6ea8f1b32bd642fbe02163efba82d3e70166968313da3_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10323"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:aa01ceadbd32d164f7feb7caaa2c58297b899155d3a3599c874c83bd9f57feaf_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:d08b2861242a21f3beb558cbbe1d9e7fda14cd64a98a5353fa22c9bcfaf04ec5_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6005d655a5a31306699b6188bb4ece4f8db0babf1b55dd4400aecc1ef5ade929_arm64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:90561085fd86da05310ac57e3f97de218a69b7a5e696b74b743d1afdc444fa2f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:131c25a073ea4c1d5d3c769471ec7b20ee36f87cd53f1bb647c7f26128f343de_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:e6c71b8d8d6a0ec6a7a3565be7520386220269237ccd7ed3e000c237a8d079cc_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:1c747d0841043cd68d1fb7f145575126028880e1f5cf2c779f5b94ea7add9df3_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:4d2c7508e6314333cd44ff44b60b7f4fd8aa9ce311abd42f820664681b17aa5f_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:379db267d1a41c692837d46f28e67b8ec7116bc2039983e4a75af8a4233d854e_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:9e988f77ee49c4dfd6be170995bc4e06146a8d9aa534cfd72d7317d4ffdbd4d1_amd64",
"9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:2c6ed9078f50ac596532748df08fa6ab94ee5a0013832a70e21d82e0986f352e_arm64",
"9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:8ac34200ee4ae6fe029b764f4583853012403bec5ba4976f55e21b73809bb37c_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:51e431b8322892158c98ef5167c5969ca7be393e8d3604c5edcb1b6fbae9f903_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:93c9bc777689846ce98d380a9e40510e0335650098c4f1cd78d6e22708b665e9_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:7ee8a548ff6dcf60f03c343d0855f31971be31dbd22f860e78cbbdb47431286d_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a5256c3b639babff0f7ce7e1703496de30678cc66a4e75fc9fa5aa598af85c3d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:6ba83d32690961d0d460d82f0e55515b2d65a6b61b7bcc42f793c24b5edec1bd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:da64589a8fd2ddfe48c41dbf62b24a567ea443d2861dfe6a7a3eaf64d0d26749_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:372f7df5da148869525a6d92726f6d9ba877e8b225ef2c23bd87248f5b209e79_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:76a9c70cb1c3061ad99c1d85d78e9f401ad340afd89ed2a5ddcad66fa694f9f1_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:0827195b202e1a0783535915d03eeaad933af6834e7e5f8addf5ff47bcc8d744_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:bbb5fda56e73084e91f6ea8f1b32bd642fbe02163efba82d3e70166968313da3_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:aa01ceadbd32d164f7feb7caaa2c58297b899155d3a3599c874c83bd9f57feaf_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:d08b2861242a21f3beb558cbbe1d9e7fda14cd64a98a5353fa22c9bcfaf04ec5_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6005d655a5a31306699b6188bb4ece4f8db0babf1b55dd4400aecc1ef5ade929_arm64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:90561085fd86da05310ac57e3f97de218a69b7a5e696b74b743d1afdc444fa2f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:131c25a073ea4c1d5d3c769471ec7b20ee36f87cd53f1bb647c7f26128f343de_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:e6c71b8d8d6a0ec6a7a3565be7520386220269237ccd7ed3e000c237a8d079cc_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:1c747d0841043cd68d1fb7f145575126028880e1f5cf2c779f5b94ea7add9df3_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:4d2c7508e6314333cd44ff44b60b7f4fd8aa9ce311abd42f820664681b17aa5f_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:379db267d1a41c692837d46f28e67b8ec7116bc2039983e4a75af8a4233d854e_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:9e988f77ee49c4dfd6be170995bc4e06146a8d9aa534cfd72d7317d4ffdbd4d1_amd64",
"9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:2c6ed9078f50ac596532748df08fa6ab94ee5a0013832a70e21d82e0986f352e_arm64",
"9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:8ac34200ee4ae6fe029b764f4583853012403bec5ba4976f55e21b73809bb37c_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:51e431b8322892158c98ef5167c5969ca7be393e8d3604c5edcb1b6fbae9f903_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:93c9bc777689846ce98d380a9e40510e0335650098c4f1cd78d6e22708b665e9_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:7ee8a548ff6dcf60f03c343d0855f31971be31dbd22f860e78cbbdb47431286d_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a5256c3b639babff0f7ce7e1703496de30678cc66a4e75fc9fa5aa598af85c3d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:6ba83d32690961d0d460d82f0e55515b2d65a6b61b7bcc42f793c24b5edec1bd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:da64589a8fd2ddfe48c41dbf62b24a567ea443d2861dfe6a7a3eaf64d0d26749_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:372f7df5da148869525a6d92726f6d9ba877e8b225ef2c23bd87248f5b209e79_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:76a9c70cb1c3061ad99c1d85d78e9f401ad340afd89ed2a5ddcad66fa694f9f1_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:0827195b202e1a0783535915d03eeaad933af6834e7e5f8addf5ff47bcc8d744_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:bbb5fda56e73084e91f6ea8f1b32bd642fbe02163efba82d3e70166968313da3_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http"
},
{
"cve": "CVE-2025-49146",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2025-06-11T15:01:33.735376+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372307"
}
],
"notes": [
{
"category": "description",
"text": "A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves in the middle of a connection and intercept the connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pgjdbc: pgjdbc insecure authentication in channel binding",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:aa01ceadbd32d164f7feb7caaa2c58297b899155d3a3599c874c83bd9f57feaf_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:d08b2861242a21f3beb558cbbe1d9e7fda14cd64a98a5353fa22c9bcfaf04ec5_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6005d655a5a31306699b6188bb4ece4f8db0babf1b55dd4400aecc1ef5ade929_arm64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:90561085fd86da05310ac57e3f97de218a69b7a5e696b74b743d1afdc444fa2f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:131c25a073ea4c1d5d3c769471ec7b20ee36f87cd53f1bb647c7f26128f343de_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:e6c71b8d8d6a0ec6a7a3565be7520386220269237ccd7ed3e000c237a8d079cc_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:1c747d0841043cd68d1fb7f145575126028880e1f5cf2c779f5b94ea7add9df3_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:4d2c7508e6314333cd44ff44b60b7f4fd8aa9ce311abd42f820664681b17aa5f_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:379db267d1a41c692837d46f28e67b8ec7116bc2039983e4a75af8a4233d854e_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:9e988f77ee49c4dfd6be170995bc4e06146a8d9aa534cfd72d7317d4ffdbd4d1_amd64",
"9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:2c6ed9078f50ac596532748df08fa6ab94ee5a0013832a70e21d82e0986f352e_arm64",
"9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:8ac34200ee4ae6fe029b764f4583853012403bec5ba4976f55e21b73809bb37c_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:51e431b8322892158c98ef5167c5969ca7be393e8d3604c5edcb1b6fbae9f903_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:93c9bc777689846ce98d380a9e40510e0335650098c4f1cd78d6e22708b665e9_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:7ee8a548ff6dcf60f03c343d0855f31971be31dbd22f860e78cbbdb47431286d_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a5256c3b639babff0f7ce7e1703496de30678cc66a4e75fc9fa5aa598af85c3d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:6ba83d32690961d0d460d82f0e55515b2d65a6b61b7bcc42f793c24b5edec1bd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:da64589a8fd2ddfe48c41dbf62b24a567ea443d2861dfe6a7a3eaf64d0d26749_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:372f7df5da148869525a6d92726f6d9ba877e8b225ef2c23bd87248f5b209e79_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:76a9c70cb1c3061ad99c1d85d78e9f401ad340afd89ed2a5ddcad66fa694f9f1_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:0827195b202e1a0783535915d03eeaad933af6834e7e5f8addf5ff47bcc8d744_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:bbb5fda56e73084e91f6ea8f1b32bd642fbe02163efba82d3e70166968313da3_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49146"
},
{
"category": "external",
"summary": "RHBZ#2372307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49146",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49146"
},
{
"category": "external",
"summary": "https://github.com/pgjdbc/pgjdbc/commit/9217ed16cb2918ab1b6b9258ae97e6ede244d8a0",
"url": "https://github.com/pgjdbc/pgjdbc/commit/9217ed16cb2918ab1b6b9258ae97e6ede244d8a0"
},
{
"category": "external",
"summary": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-hq9p-pm7w-8p54",
"url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-hq9p-pm7w-8p54"
}
],
"release_date": "2025-06-11T14:32:39.348000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-03T12:45:38+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:aa01ceadbd32d164f7feb7caaa2c58297b899155d3a3599c874c83bd9f57feaf_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:d08b2861242a21f3beb558cbbe1d9e7fda14cd64a98a5353fa22c9bcfaf04ec5_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6005d655a5a31306699b6188bb4ece4f8db0babf1b55dd4400aecc1ef5ade929_arm64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:90561085fd86da05310ac57e3f97de218a69b7a5e696b74b743d1afdc444fa2f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:131c25a073ea4c1d5d3c769471ec7b20ee36f87cd53f1bb647c7f26128f343de_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:e6c71b8d8d6a0ec6a7a3565be7520386220269237ccd7ed3e000c237a8d079cc_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:1c747d0841043cd68d1fb7f145575126028880e1f5cf2c779f5b94ea7add9df3_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:4d2c7508e6314333cd44ff44b60b7f4fd8aa9ce311abd42f820664681b17aa5f_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:379db267d1a41c692837d46f28e67b8ec7116bc2039983e4a75af8a4233d854e_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:9e988f77ee49c4dfd6be170995bc4e06146a8d9aa534cfd72d7317d4ffdbd4d1_amd64",
"9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:2c6ed9078f50ac596532748df08fa6ab94ee5a0013832a70e21d82e0986f352e_arm64",
"9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:8ac34200ee4ae6fe029b764f4583853012403bec5ba4976f55e21b73809bb37c_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:51e431b8322892158c98ef5167c5969ca7be393e8d3604c5edcb1b6fbae9f903_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:93c9bc777689846ce98d380a9e40510e0335650098c4f1cd78d6e22708b665e9_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:7ee8a548ff6dcf60f03c343d0855f31971be31dbd22f860e78cbbdb47431286d_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a5256c3b639babff0f7ce7e1703496de30678cc66a4e75fc9fa5aa598af85c3d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:6ba83d32690961d0d460d82f0e55515b2d65a6b61b7bcc42f793c24b5edec1bd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:da64589a8fd2ddfe48c41dbf62b24a567ea443d2861dfe6a7a3eaf64d0d26749_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:372f7df5da148869525a6d92726f6d9ba877e8b225ef2c23bd87248f5b209e79_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:76a9c70cb1c3061ad99c1d85d78e9f401ad340afd89ed2a5ddcad66fa694f9f1_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:0827195b202e1a0783535915d03eeaad933af6834e7e5f8addf5ff47bcc8d744_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:bbb5fda56e73084e91f6ea8f1b32bd642fbe02163efba82d3e70166968313da3_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10323"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:aa01ceadbd32d164f7feb7caaa2c58297b899155d3a3599c874c83bd9f57feaf_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:d08b2861242a21f3beb558cbbe1d9e7fda14cd64a98a5353fa22c9bcfaf04ec5_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6005d655a5a31306699b6188bb4ece4f8db0babf1b55dd4400aecc1ef5ade929_arm64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:90561085fd86da05310ac57e3f97de218a69b7a5e696b74b743d1afdc444fa2f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:131c25a073ea4c1d5d3c769471ec7b20ee36f87cd53f1bb647c7f26128f343de_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:e6c71b8d8d6a0ec6a7a3565be7520386220269237ccd7ed3e000c237a8d079cc_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:1c747d0841043cd68d1fb7f145575126028880e1f5cf2c779f5b94ea7add9df3_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:4d2c7508e6314333cd44ff44b60b7f4fd8aa9ce311abd42f820664681b17aa5f_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:379db267d1a41c692837d46f28e67b8ec7116bc2039983e4a75af8a4233d854e_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:9e988f77ee49c4dfd6be170995bc4e06146a8d9aa534cfd72d7317d4ffdbd4d1_amd64",
"9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:2c6ed9078f50ac596532748df08fa6ab94ee5a0013832a70e21d82e0986f352e_arm64",
"9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:8ac34200ee4ae6fe029b764f4583853012403bec5ba4976f55e21b73809bb37c_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:51e431b8322892158c98ef5167c5969ca7be393e8d3604c5edcb1b6fbae9f903_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:93c9bc777689846ce98d380a9e40510e0335650098c4f1cd78d6e22708b665e9_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:7ee8a548ff6dcf60f03c343d0855f31971be31dbd22f860e78cbbdb47431286d_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a5256c3b639babff0f7ce7e1703496de30678cc66a4e75fc9fa5aa598af85c3d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:6ba83d32690961d0d460d82f0e55515b2d65a6b61b7bcc42f793c24b5edec1bd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:da64589a8fd2ddfe48c41dbf62b24a567ea443d2861dfe6a7a3eaf64d0d26749_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:372f7df5da148869525a6d92726f6d9ba877e8b225ef2c23bd87248f5b209e79_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:76a9c70cb1c3061ad99c1d85d78e9f401ad340afd89ed2a5ddcad66fa694f9f1_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:0827195b202e1a0783535915d03eeaad933af6834e7e5f8addf5ff47bcc8d744_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:bbb5fda56e73084e91f6ea8f1b32bd642fbe02163efba82d3e70166968313da3_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:aa01ceadbd32d164f7feb7caaa2c58297b899155d3a3599c874c83bd9f57feaf_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:d08b2861242a21f3beb558cbbe1d9e7fda14cd64a98a5353fa22c9bcfaf04ec5_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6005d655a5a31306699b6188bb4ece4f8db0babf1b55dd4400aecc1ef5ade929_arm64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:90561085fd86da05310ac57e3f97de218a69b7a5e696b74b743d1afdc444fa2f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:131c25a073ea4c1d5d3c769471ec7b20ee36f87cd53f1bb647c7f26128f343de_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:e6c71b8d8d6a0ec6a7a3565be7520386220269237ccd7ed3e000c237a8d079cc_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:1c747d0841043cd68d1fb7f145575126028880e1f5cf2c779f5b94ea7add9df3_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:4d2c7508e6314333cd44ff44b60b7f4fd8aa9ce311abd42f820664681b17aa5f_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:379db267d1a41c692837d46f28e67b8ec7116bc2039983e4a75af8a4233d854e_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:9e988f77ee49c4dfd6be170995bc4e06146a8d9aa534cfd72d7317d4ffdbd4d1_amd64",
"9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:2c6ed9078f50ac596532748df08fa6ab94ee5a0013832a70e21d82e0986f352e_arm64",
"9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:8ac34200ee4ae6fe029b764f4583853012403bec5ba4976f55e21b73809bb37c_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:51e431b8322892158c98ef5167c5969ca7be393e8d3604c5edcb1b6fbae9f903_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:93c9bc777689846ce98d380a9e40510e0335650098c4f1cd78d6e22708b665e9_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:7ee8a548ff6dcf60f03c343d0855f31971be31dbd22f860e78cbbdb47431286d_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:a5256c3b639babff0f7ce7e1703496de30678cc66a4e75fc9fa5aa598af85c3d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:6ba83d32690961d0d460d82f0e55515b2d65a6b61b7bcc42f793c24b5edec1bd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:da64589a8fd2ddfe48c41dbf62b24a567ea443d2861dfe6a7a3eaf64d0d26749_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:372f7df5da148869525a6d92726f6d9ba877e8b225ef2c23bd87248f5b209e79_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:76a9c70cb1c3061ad99c1d85d78e9f401ad340afd89ed2a5ddcad66fa694f9f1_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:0827195b202e1a0783535915d03eeaad933af6834e7e5f8addf5ff47bcc8d744_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:bbb5fda56e73084e91f6ea8f1b32bd642fbe02163efba82d3e70166968313da3_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pgjdbc: pgjdbc insecure authentication in channel binding"
}
]
}
rhsa-2025:13012
Vulnerability from csaf_redhat
Published
2025-08-07 10:51
Modified
2025-08-07 15:07
Summary
Red Hat Security Advisory: Red Hat build of Quarkus 3.15.6 release and security update
Notes
Topic
An update is now available for Red Hat build of Quarkus.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section.
Details
This release of Red Hat build of Quarkus 3.15.6 includes the following CVE fixes:
* quarkus-bom: pgjdbc insecure authentication in channel binding [quarkus-3.15] (CVE-2025-49146)
* quarkus-bom: Quarkus potential data leak [quarkus-3.15] (CVE-2025-49574)
For more information, see the release notes page listed in the References
section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat build of Quarkus.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Red Hat build of Quarkus 3.15.6 includes the following CVE fixes:\n\n* quarkus-bom: pgjdbc insecure authentication in channel binding [quarkus-3.15] (CVE-2025-49146)\n\n* quarkus-bom: Quarkus potential data leak [quarkus-3.15] (CVE-2025-49574)\n\nFor more information, see the release notes page listed in the References\nsection.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:13012",
"url": "https://access.redhat.com/errata/RHSA-2025:13012"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/4966181",
"url": "https://access.redhat.com/articles/4966181"
},
{
"category": "external",
"summary": "https://access.redhat.com/products/quarkus/",
"url": "https://access.redhat.com/products/quarkus/"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=redhat.quarkus\u0026downloadType=distributions\u0026version=3.15.6",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=redhat.quarkus\u0026downloadType=distributions\u0026version=3.15.6"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_build_of_quarkus/3.15",
"url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_quarkus/3.15"
},
{
"category": "external",
"summary": "QUARKUS-5632",
"url": "https://issues.redhat.com/browse/QUARKUS-5632"
},
{
"category": "external",
"summary": "QUARKUS-6294",
"url": "https://issues.redhat.com/browse/QUARKUS-6294"
},
{
"category": "external",
"summary": "QUARKUS-6318",
"url": "https://issues.redhat.com/browse/QUARKUS-6318"
},
{
"category": "external",
"summary": "QUARKUS-6320",
"url": "https://issues.redhat.com/browse/QUARKUS-6320"
},
{
"category": "external",
"summary": "QUARKUS-6328",
"url": "https://issues.redhat.com/browse/QUARKUS-6328"
},
{
"category": "external",
"summary": "QUARKUS-6331",
"url": "https://issues.redhat.com/browse/QUARKUS-6331"
},
{
"category": "external",
"summary": "QUARKUS-6332",
"url": "https://issues.redhat.com/browse/QUARKUS-6332"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_13012.json"
}
],
"title": "Red Hat Security Advisory: Red Hat build of Quarkus 3.15.6 release and security update",
"tracking": {
"current_release_date": "2025-08-07T15:07:21+00:00",
"generator": {
"date": "2025-08-07T15:07:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2025:13012",
"initial_release_date": "2025-08-07T10:51:36+00:00",
"revision_history": [
{
"date": "2025-08-07T10:51:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-07T10:51:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-07T15:07:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat build of Quarkus 3.15.6",
"product": {
"name": "Red Hat build of Quarkus 3.15.6",
"product_id": "Red Hat build of Quarkus 3.15.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quarkus:3.15::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat build of Quarkus"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-49146",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2025-06-11T15:01:33.735376+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372307"
}
],
"notes": [
{
"category": "description",
"text": "A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves in the middle of a connection and intercept the connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pgjdbc: pgjdbc insecure authentication in channel binding",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Quarkus 3.15.6"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49146"
},
{
"category": "external",
"summary": "RHBZ#2372307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49146",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49146"
},
{
"category": "external",
"summary": "https://github.com/pgjdbc/pgjdbc/commit/9217ed16cb2918ab1b6b9258ae97e6ede244d8a0",
"url": "https://github.com/pgjdbc/pgjdbc/commit/9217ed16cb2918ab1b6b9258ae97e6ede244d8a0"
},
{
"category": "external",
"summary": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-hq9p-pm7w-8p54",
"url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-hq9p-pm7w-8p54"
}
],
"release_date": "2025-06-11T14:32:39.348000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-07T10:51:36+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Quarkus 3.15.6"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13012"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Quarkus 3.15.6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Quarkus 3.15.6"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pgjdbc: pgjdbc insecure authentication in channel binding"
},
{
"cve": "CVE-2025-49574",
"cwe": {
"id": "CWE-668",
"name": "Exposure of Resource to Wrong Sphere"
},
"discovery_date": "2025-06-23T20:00:57.216622+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374376"
}
],
"notes": [
{
"category": "description",
"text": "A data leak vulnerability has been discovered in the io.quarkus:quarkus-vertx package. This flaw can lead to information disclosure if a Vert.x context that has already been duplicated is subsequently duplicated again. In such a scenario, sensitive data residing within that context may be unintentionally exposed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.quarkus/quarkus-vertx: Quarkus potential data leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Quarkus 3.15.6"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49574"
},
{
"category": "external",
"summary": "RHBZ#2374376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49574"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49574",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49574"
},
{
"category": "external",
"summary": "https://github.com/quarkusio/quarkus/commit/2b58f59f4bf0bae7d35b1abb585b65f2a66787d1",
"url": "https://github.com/quarkusio/quarkus/commit/2b58f59f4bf0bae7d35b1abb585b65f2a66787d1"
},
{
"category": "external",
"summary": "https://github.com/quarkusio/quarkus/issues/48227",
"url": "https://github.com/quarkusio/quarkus/issues/48227"
},
{
"category": "external",
"summary": "https://github.com/quarkusio/quarkus/security/advisories/GHSA-9623-mj7j-p9v4",
"url": "https://github.com/quarkusio/quarkus/security/advisories/GHSA-9623-mj7j-p9v4"
}
],
"release_date": "2025-06-23T19:47:05.454000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-07T10:51:36+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Quarkus 3.15.6"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13012"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Quarkus 3.15.6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Quarkus 3.15.6"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "io.quarkus/quarkus-vertx: Quarkus potential data leak"
}
]
}
opensuse-su-2025:15264-1
Vulnerability from csaf_opensuse
Published
2025-07-03 00:00
Modified
2025-07-03 00:00
Summary
postgresql-jdbc-42.7.7-1.1 on GA media
Notes
Title of the patch
postgresql-jdbc-42.7.7-1.1 on GA media
Description of the patch
These are all security issues fixed in the postgresql-jdbc-42.7.7-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15264
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "postgresql-jdbc-42.7.7-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the postgresql-jdbc-42.7.7-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15264",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15264-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-49146 page",
"url": "https://www.suse.com/security/cve/CVE-2025-49146/"
}
],
"title": "postgresql-jdbc-42.7.7-1.1 on GA media",
"tracking": {
"current_release_date": "2025-07-03T00:00:00Z",
"generator": {
"date": "2025-07-03T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15264-1",
"initial_release_date": "2025-07-03T00:00:00Z",
"revision_history": [
{
"date": "2025-07-03T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "postgresql-jdbc-42.7.7-1.1.aarch64",
"product": {
"name": "postgresql-jdbc-42.7.7-1.1.aarch64",
"product_id": "postgresql-jdbc-42.7.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql-jdbc-javadoc-42.7.7-1.1.aarch64",
"product": {
"name": "postgresql-jdbc-javadoc-42.7.7-1.1.aarch64",
"product_id": "postgresql-jdbc-javadoc-42.7.7-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "postgresql-jdbc-42.7.7-1.1.ppc64le",
"product": {
"name": "postgresql-jdbc-42.7.7-1.1.ppc64le",
"product_id": "postgresql-jdbc-42.7.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql-jdbc-javadoc-42.7.7-1.1.ppc64le",
"product": {
"name": "postgresql-jdbc-javadoc-42.7.7-1.1.ppc64le",
"product_id": "postgresql-jdbc-javadoc-42.7.7-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "postgresql-jdbc-42.7.7-1.1.s390x",
"product": {
"name": "postgresql-jdbc-42.7.7-1.1.s390x",
"product_id": "postgresql-jdbc-42.7.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql-jdbc-javadoc-42.7.7-1.1.s390x",
"product": {
"name": "postgresql-jdbc-javadoc-42.7.7-1.1.s390x",
"product_id": "postgresql-jdbc-javadoc-42.7.7-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "postgresql-jdbc-42.7.7-1.1.x86_64",
"product": {
"name": "postgresql-jdbc-42.7.7-1.1.x86_64",
"product_id": "postgresql-jdbc-42.7.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql-jdbc-javadoc-42.7.7-1.1.x86_64",
"product": {
"name": "postgresql-jdbc-javadoc-42.7.7-1.1.x86_64",
"product_id": "postgresql-jdbc-javadoc-42.7.7-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql-jdbc-42.7.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql-jdbc-42.7.7-1.1.aarch64"
},
"product_reference": "postgresql-jdbc-42.7.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql-jdbc-42.7.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql-jdbc-42.7.7-1.1.ppc64le"
},
"product_reference": "postgresql-jdbc-42.7.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql-jdbc-42.7.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql-jdbc-42.7.7-1.1.s390x"
},
"product_reference": "postgresql-jdbc-42.7.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql-jdbc-42.7.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql-jdbc-42.7.7-1.1.x86_64"
},
"product_reference": "postgresql-jdbc-42.7.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql-jdbc-javadoc-42.7.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql-jdbc-javadoc-42.7.7-1.1.aarch64"
},
"product_reference": "postgresql-jdbc-javadoc-42.7.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql-jdbc-javadoc-42.7.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql-jdbc-javadoc-42.7.7-1.1.ppc64le"
},
"product_reference": "postgresql-jdbc-javadoc-42.7.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql-jdbc-javadoc-42.7.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql-jdbc-javadoc-42.7.7-1.1.s390x"
},
"product_reference": "postgresql-jdbc-javadoc-42.7.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql-jdbc-javadoc-42.7.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql-jdbc-javadoc-42.7.7-1.1.x86_64"
},
"product_reference": "postgresql-jdbc-javadoc-42.7.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-49146",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-49146"
}
],
"notes": [
{
"category": "general",
"text": "pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding (such as password, MD5, GSS, or SSPI authentication). This could allow a man-in-the-middle attacker to intercept connections that users believed were protected by channel binding requirements. This vulnerability is fixed in 42.7.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:postgresql-jdbc-42.7.7-1.1.aarch64",
"openSUSE Tumbleweed:postgresql-jdbc-42.7.7-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql-jdbc-42.7.7-1.1.s390x",
"openSUSE Tumbleweed:postgresql-jdbc-42.7.7-1.1.x86_64",
"openSUSE Tumbleweed:postgresql-jdbc-javadoc-42.7.7-1.1.aarch64",
"openSUSE Tumbleweed:postgresql-jdbc-javadoc-42.7.7-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql-jdbc-javadoc-42.7.7-1.1.s390x",
"openSUSE Tumbleweed:postgresql-jdbc-javadoc-42.7.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-49146",
"url": "https://www.suse.com/security/cve/CVE-2025-49146"
},
{
"category": "external",
"summary": "SUSE Bug 1244490 for CVE-2025-49146",
"url": "https://bugzilla.suse.com/1244490"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:postgresql-jdbc-42.7.7-1.1.aarch64",
"openSUSE Tumbleweed:postgresql-jdbc-42.7.7-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql-jdbc-42.7.7-1.1.s390x",
"openSUSE Tumbleweed:postgresql-jdbc-42.7.7-1.1.x86_64",
"openSUSE Tumbleweed:postgresql-jdbc-javadoc-42.7.7-1.1.aarch64",
"openSUSE Tumbleweed:postgresql-jdbc-javadoc-42.7.7-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql-jdbc-javadoc-42.7.7-1.1.s390x",
"openSUSE Tumbleweed:postgresql-jdbc-javadoc-42.7.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:postgresql-jdbc-42.7.7-1.1.aarch64",
"openSUSE Tumbleweed:postgresql-jdbc-42.7.7-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql-jdbc-42.7.7-1.1.s390x",
"openSUSE Tumbleweed:postgresql-jdbc-42.7.7-1.1.x86_64",
"openSUSE Tumbleweed:postgresql-jdbc-javadoc-42.7.7-1.1.aarch64",
"openSUSE Tumbleweed:postgresql-jdbc-javadoc-42.7.7-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql-jdbc-javadoc-42.7.7-1.1.s390x",
"openSUSE Tumbleweed:postgresql-jdbc-javadoc-42.7.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-49146"
}
]
}
fkie_cve-2025-49146
Vulnerability from fkie_nvd
Published
2025-06-11 15:15
Modified
2025-06-12 16:06
Severity ?
Summary
pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding (such as password, MD5, GSS, or SSPI authentication). This could allow a man-in-the-middle attacker to intercept connections that users believed were protected by channel binding requirements. This vulnerability is fixed in 42.7.7.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding (such as password, MD5, GSS, or SSPI authentication). This could allow a man-in-the-middle attacker to intercept connections that users believed were protected by channel binding requirements. This vulnerability is fixed in 42.7.7."
},
{
"lang": "es",
"value": "pgjdbc es un controlador JDBC de PostgreSQL de c\u00f3digo abierto. Desde la versi\u00f3n 42.7.4 hasta la 42.7.7, cuando el controlador JDBC de PostgreSQL se configura con el enlace de canal establecido como obligatorio (el valor predeterminado es prefer), el controlador permit\u00eda incorrectamente que las conexiones procedieran con m\u00e9todos de autenticaci\u00f3n que no admiten el enlace de canal (como la autenticaci\u00f3n por contrase\u00f1a, MD5, GSS o SSPI). Esto podr\u00eda permitir que un atacante intermediario interceptara conexiones que los usuarios cre\u00edan protegidas por los requisitos de enlace de canal. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 42.7.7."
}
],
"id": "CVE-2025-49146",
"lastModified": "2025-06-12T16:06:20.180",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-06-11T15:15:42.850",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/pgjdbc/pgjdbc/commit/9217ed16cb2918ab1b6b9258ae97e6ede244d8a0"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-hq9p-pm7w-8p54"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
ghsa-hq9p-pm7w-8p54
Vulnerability from github
Published
2025-06-11 14:44
Modified
2025-06-11 16:17
Severity ?
VLAI Severity ?
Summary
pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration
Details
Impact
When the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding (such as password, MD5, GSS, or SSPI authentication). This could allow a man-in-the-middle attacker to intercept connections that users believed were protected by channel binding requirements.
Patches
TBD
Workarounds
Configure sslMode=verify-full to prevent MITM attacks.
References
- https://www.postgresql.org/docs/current/sasl-authentication.html#SASL-SCRAM-SHA-256
- https://datatracker.ietf.org/doc/html/rfc7677
- https://datatracker.ietf.org/doc/html/rfc5802
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.postgresql:postgresql"
},
"ranges": [
{
"events": [
{
"introduced": "42.7.4"
},
{
"fixed": "42.7.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-49146"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": true,
"github_reviewed_at": "2025-06-11T14:44:04Z",
"nvd_published_at": "2025-06-11T15:15:42Z",
"severity": "HIGH"
},
"details": "### Impact\nWhen the PostgreSQL JDBC driver is configured with channel binding set to `required` (default value is `prefer`), the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding (such as password, MD5, GSS, or SSPI authentication). This could allow a man-in-the-middle attacker to intercept connections that users believed were protected by channel binding requirements.\n\n### Patches\nTBD\n\n### Workarounds\n\nConfigure `sslMode=verify-full` to prevent MITM attacks.\n\n### References\n\n* https://www.postgresql.org/docs/current/sasl-authentication.html#SASL-SCRAM-SHA-256\n* https://datatracker.ietf.org/doc/html/rfc7677\n* https://datatracker.ietf.org/doc/html/rfc5802",
"id": "GHSA-hq9p-pm7w-8p54",
"modified": "2025-06-11T16:17:03Z",
"published": "2025-06-11T14:44:04Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-hq9p-pm7w-8p54"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49146"
},
{
"type": "WEB",
"url": "https://github.com/pgjdbc/pgjdbc/commit/9217ed16cb2918ab1b6b9258ae97e6ede244d8a0"
},
{
"type": "WEB",
"url": "https://datatracker.ietf.org/doc/html/rfc5802"
},
{
"type": "WEB",
"url": "https://datatracker.ietf.org/doc/html/rfc7677"
},
{
"type": "PACKAGE",
"url": "https://github.com/pgjdbc/pgjdbc"
},
{
"type": "WEB",
"url": "https://www.postgresql.org/docs/current/sasl-authentication.html#SASL-SCRAM-SHA-256"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…