rhsa-2025:11749
Vulnerability from csaf_redhat
Published
2025-07-24 15:20
Modified
2025-08-19 03:13
Summary
Red Hat Security Advisory: Updated 8.1 container image is now available: security and bug fix update
Notes
Topic
Updated rhceph-8.1 container image is now available in the Red Hat Ecosystem Catalog.
Details
Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
This new container image is based on Red Hat Ceph Storage 8.1 and Red Hat Enterprise Linux 8.10, 9.5, 9.6.
Users are directed to the Red Hat Ceph Storage Release Notes for full Red Hat Ceph Storage 8.1 Release Notes information:
https://docs.redhat.com/en/documentation/red_hat_ceph_storage/8/html/8.1_release_notes
All users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides numerous security and bug fixes.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated rhceph-8.1 container image is now available in the Red Hat Ecosystem Catalog.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. \n \nThis new container image is based on Red Hat Ceph Storage 8.1 and Red Hat Enterprise Linux 8.10, 9.5, 9.6. \n \nUsers are directed to the Red Hat Ceph Storage Release Notes for full Red Hat Ceph Storage 8.1 Release Notes information:\n\nhttps://docs.redhat.com/en/documentation/red_hat_ceph_storage/8/html/8.1_release_notes\n\nAll users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides numerous security and bug fixes.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:11749",
"url": "https://access.redhat.com/errata/RHSA-2025:11749"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2262352",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262352"
},
{
"category": "external",
"summary": "2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "2342464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342464"
},
{
"category": "external",
"summary": "2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "2349390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349390"
},
{
"category": "external",
"summary": "2354195",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354195"
},
{
"category": "external",
"summary": "2358493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_11749.json"
}
],
"title": "Red Hat Security Advisory: Updated 8.1 container image is now available: security and bug fix update",
"tracking": {
"current_release_date": "2025-08-19T03:13:03+00:00",
"generator": {
"date": "2025-08-19T03:13:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2025:11749",
"initial_release_date": "2025-07-24T15:20:25+00:00",
"revision_history": [
{
"date": "2025-07-24T15:20:25+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-24T15:20:25+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-19T03:13:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ceph Storage 8.1 Tools",
"product": {
"name": "Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ceph_storage:8.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ceph Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"product": {
"name": "rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"product_id": "rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel9\u0026tag=11.6.2-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"product_id": "rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.8-73"
}
}
},
{
"category": "product_version",
"name": "rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"product": {
"name": "rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"product_id": "rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/oauth2-proxy-rhel9\u0026tag=v7.6.0-33"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v3.0.0-40"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"product": {
"name": "rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"product_id": "rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-8-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.22-75"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-123"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"product": {
"name": "rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"product_id": "rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441?arch=arm64\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel9\u0026tag=11.6.2-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"product_id": "rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5?arch=arm64\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.8-73"
}
}
},
{
"category": "product_version",
"name": "rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"product": {
"name": "rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"product_id": "rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572?arch=arm64\u0026repository_url=registry.redhat.io/rhceph/oauth2-proxy-rhel9\u0026tag=v7.6.0-33"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"product": {
"name": "rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"product_id": "rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e?arch=arm64\u0026repository_url=registry.redhat.io/rhceph/rhceph-8-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424?arch=arm64\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.22-75"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6?arch=arm64\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-123"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"product": {
"name": "rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"product_id": "rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel9\u0026tag=11.6.2-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"product_id": "rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.8-73"
}
}
},
{
"category": "product_version",
"name": "rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"product": {
"name": "rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"product_id": "rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/oauth2-proxy-rhel9\u0026tag=v7.6.0-33"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v3.0.0-40"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"product": {
"name": "rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"product_id": "rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-8-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.22-75"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-123"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"product": {
"name": "rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"product_id": "rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel9\u0026tag=11.6.2-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"product_id": "rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.8-73"
}
}
},
{
"category": "product_version",
"name": "rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"product": {
"name": "rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"product_id": "rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/oauth2-proxy-rhel9\u0026tag=v7.6.0-33"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v3.0.0-40"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"product": {
"name": "rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"product_id": "rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-8-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.22-75"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-123"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64"
},
"product_reference": "rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64"
},
"product_reference": "rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le"
},
"product_reference": "rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
},
"product_reference": "rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le"
},
"product_reference": "rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x"
},
"product_reference": "rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64"
},
"product_reference": "rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64"
},
"product_reference": "rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le"
},
"product_reference": "rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x"
},
"product_reference": "rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64"
},
"product_reference": "rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64"
},
"product_reference": "rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-24557",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"discovery_date": "2024-02-01T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2262352"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in github.com/moby/moby. The classic builder cache system in moby is vulnerable to cache poisoning if the image is built using a \u0027FROM scratch\u0027 in Dockerfile. This flaw allows an attacker who has knowledge of the Dockerfile to create a malicious cache that would be pulled and considered a valid cache candidate for some build steps.\r\nThis only affects one if using DOCKER_BUILDKIT=0 or using the /build API endpoint.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "moby: classic builder cache poisoning",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as a Moderate impact since attack complexity is quite high. There are multiple conditions which are required: dockerfile is configured to use a non-default setting, attacker must be aware of this information, and they must have the ability to craft a malicious cache.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"known_not_affected": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24557"
},
{
"category": "external",
"summary": "RHBZ#2262352",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262352"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24557"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24557",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24557"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc",
"url": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc"
}
],
"release_date": "2024-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-24T15:20:25+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11749"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "moby: classic builder cache poisoning"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"known_not_affected": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-24T15:20:25+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11749"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2024-53382",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2025-03-03T07:00:37.175156+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2349390"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the prism-autoloader plugin of the Prism library. The prism-autoloader plugin uses `document.currentScript` as the base URL for dynamically loading other dependencies and, in certain circumstances, can be vulnerable to a DOM Clobbering attack. This issue could lead to Cross-site scripting (XSS) attacks on web pages that embed Prism and allow users to inject scriptless HTML elements, such as an `img` tag with a controlled `name` attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "prismjs: DOM Clobbering vulnerability within the Prism library\u0027s prism-autoloader plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"known_not_affected": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-53382"
},
{
"category": "external",
"summary": "RHBZ#2349390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-53382",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53382"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-53382",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53382"
},
{
"category": "external",
"summary": "https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660",
"url": "https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660"
},
{
"category": "external",
"summary": "https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259",
"url": "https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259"
}
],
"release_date": "2025-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-24T15:20:25+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11749"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "prismjs: DOM Clobbering vulnerability within the Prism library\u0027s prism-autoloader plugin"
},
{
"cve": "CVE-2025-22865",
"cwe": {
"id": "CWE-228",
"name": "Improper Handling of Syntactically Invalid Structure"
},
"discovery_date": "2025-01-28T02:00:52.745155+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342464"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/x509 golang library. When using ParsePKCS1PrivateKey to parse an RSA key missing the CRT values, causes a panic when verifying the key is well formed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: ParsePKCS1PrivateKey panic with partial keys in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability affects only the Go 1.24 release candidates. Red Hat products do not utilize Go 1.24, except Red Hat Ceph Storage 8 which includes a Grafana container that uses Go 1.24 and is therefore affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"known_not_affected": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22865"
},
{
"category": "external",
"summary": "RHBZ#2342464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22865",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22865"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22865",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22865"
},
{
"category": "external",
"summary": "https://go.dev/cl/643098",
"url": "https://go.dev/cl/643098"
},
{
"category": "external",
"summary": "https://go.dev/issue/71216",
"url": "https://go.dev/issue/71216"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ",
"url": "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3421",
"url": "https://pkg.go.dev/vuln/GO-2025-3421"
}
],
"release_date": "2025-01-28T01:03:25.121000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-24T15:20:25+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11749"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: ParsePKCS1PrivateKey panic with partial keys in crypto/x509"
},
{
"acknowledgments": [
{
"names": [
"jub0bs"
]
}
],
"cve": "CVE-2025-22868",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-02-26T04:00:44.350024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"known_not_affected": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "RHBZ#2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://go.dev/cl/652155",
"url": "https://go.dev/cl/652155"
},
{
"category": "external",
"summary": "https://go.dev/issue/71490",
"url": "https://go.dev/issue/71490"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3488",
"url": "https://pkg.go.dev/vuln/GO-2025-3488"
}
],
"release_date": "2025-02-26T03:07:49.012000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-24T15:20:25+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11749"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
},
{
"cve": "CVE-2025-22871",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-04-08T21:01:32.229479+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358493"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling\u2014where an attacker tricks the system to send hidden or unauthorized requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite includes affected component however product is not directly impacted since the vulnerability arises when \"net/http\" is used as a server. Satellite uses it solely as a client, so it\u0027s not exposed to the flaw. Product Security has assessed this as Low severity.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027) vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform uses secure, encrypted HTTPS connections over TLS 1.2 to reduce the risk of smuggling attacks by preventing the injection of ambiguous or malformed requests between components. The environment employs IPS/IDS and antimalware solutions to detect and block malicious code while ensuring consistent interpretation of HTTP requests across network layers, mitigating request/response inconsistencies. Event logs are collected and analyzed for centralization, correlation, monitoring, alerting, and retention, enabling the detection of malformed or suspicious HTTP traffic. Static code analysis and peer reviews enforce strong input validation and error handling to ensure all user inputs adhere to HTTP protocol specifications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"known_not_affected": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22871"
},
{
"category": "external",
"summary": "RHBZ#2358493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871"
},
{
"category": "external",
"summary": "https://go.dev/cl/652998",
"url": "https://go.dev/cl/652998"
},
{
"category": "external",
"summary": "https://go.dev/issue/71988",
"url": "https://go.dev/issue/71988"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk",
"url": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3563",
"url": "https://pkg.go.dev/vuln/GO-2025-3563"
}
],
"release_date": "2025-04-08T20:04:34.769000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-24T15:20:25+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11749"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http"
},
{
"cve": "CVE-2025-30204",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-03-21T22:00:43.818367+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2354195"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang-jwt implementation of JSON Web Tokens (JWT). In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an application crash, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"known_not_affected": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "RHBZ#2354195",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354195"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-30204",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30204"
},
{
"category": "external",
"summary": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3",
"url": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3"
},
{
"category": "external",
"summary": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp",
"url": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3553",
"url": "https://pkg.go.dev/vuln/GO-2025-3553"
}
],
"release_date": "2025-03-21T21:42:01.382000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-24T15:20:25+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11749"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…