rhsa-2025:13931
Vulnerability from csaf_redhat
Published
2025-08-14 22:06
Modified
2025-08-21 13:10
Summary
Red Hat Security Advisory: Red Hat OpenShift Builds 1.5.1

Notes

Topic
Red Hat OpenShift Builds 1.5.1
Details
Releases of Red Hat OpenShift Builds 1.5.1
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat OpenShift Builds 1.5.1",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Releases of Red Hat OpenShift Builds 1.5.1",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:13931",
        "url": "https://access.redhat.com/errata/RHSA-2025:13931"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-22874",
        "url": "https://access.redhat.com/security/cve/CVE-2025-22874"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/builds_for_red_hat_openshift/1.5",
        "url": "https://docs.redhat.com/en/documentation/builds_for_red_hat_openshift/1.5"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_13931.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat OpenShift Builds 1.5.1",
    "tracking": {
      "current_release_date": "2025-08-21T13:10:16+00:00",
      "generator": {
        "date": "2025-08-21T13:10:16+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.6"
        }
      },
      "id": "RHSA-2025:13931",
      "initial_release_date": "2025-08-14T22:06:55+00:00",
      "revision_history": [
        {
          "date": "2025-08-14T22:06:55+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-08-14T22:06:58+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-08-21T13:10:16+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Builds for Red Hat OpenShift 1.5.1",
                "product": {
                  "name": "Builds for Red Hat OpenShift 1.5.1",
                  "product_id": "Builds for Red Hat OpenShift 1.5.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_builds:1.5::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Builds for Red Hat OpenShift"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:06d1a4352ca5002f85d284eb987548838d6acdcc7acdc98d604495b3cae1a12c_amd64",
                "product": {
                  "name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:06d1a4352ca5002f85d284eb987548838d6acdcc7acdc98d604495b3cae1a12c_amd64",
                  "product_id": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:06d1a4352ca5002f85d284eb987548838d6acdcc7acdc98d604495b3cae1a12c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-builds-rhel9-operator@sha256%3A06d1a4352ca5002f85d284eb987548838d6acdcc7acdc98d604495b3cae1a12c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1.5.0-1755171468"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:4103bbce41d2f86071f49260e74ae89fd7a556deab7adea686cbe69477f17b58_amd64",
                "product": {
                  "name": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:4103bbce41d2f86071f49260e74ae89fd7a556deab7adea686cbe69477f17b58_amd64",
                  "product_id": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:4103bbce41d2f86071f49260e74ae89fd7a556deab7adea686cbe69477f17b58_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-builds-operator-bundle@sha256%3A4103bbce41d2f86071f49260e74ae89fd7a556deab7adea686cbe69477f17b58?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1.5.0-1755174540"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:e172eabeee4912ed718eafa33c4e0099cde86bf4b7394da4074676ae00060927_arm64",
                "product": {
                  "name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:e172eabeee4912ed718eafa33c4e0099cde86bf4b7394da4074676ae00060927_arm64",
                  "product_id": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:e172eabeee4912ed718eafa33c4e0099cde86bf4b7394da4074676ae00060927_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-builds-rhel9-operator@sha256%3Ae172eabeee4912ed718eafa33c4e0099cde86bf4b7394da4074676ae00060927?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1.5.0-1755171468"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:1d2b6744f30b21751bef9567bd0af28728cc40b3b93a39719fbd8b51a15ffd4b_ppc64le",
                "product": {
                  "name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:1d2b6744f30b21751bef9567bd0af28728cc40b3b93a39719fbd8b51a15ffd4b_ppc64le",
                  "product_id": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:1d2b6744f30b21751bef9567bd0af28728cc40b3b93a39719fbd8b51a15ffd4b_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-builds-rhel9-operator@sha256%3A1d2b6744f30b21751bef9567bd0af28728cc40b3b93a39719fbd8b51a15ffd4b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1.5.0-1755171468"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:1444fa06512941cd0b7485b9938f3aae43ef74dd235379ffe804e37445076474_s390x",
                "product": {
                  "name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:1444fa06512941cd0b7485b9938f3aae43ef74dd235379ffe804e37445076474_s390x",
                  "product_id": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:1444fa06512941cd0b7485b9938f3aae43ef74dd235379ffe804e37445076474_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-builds-rhel9-operator@sha256%3A1444fa06512941cd0b7485b9938f3aae43ef74dd235379ffe804e37445076474?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1.5.0-1755171468"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:4103bbce41d2f86071f49260e74ae89fd7a556deab7adea686cbe69477f17b58_amd64 as a component of Builds for Red Hat OpenShift 1.5.1",
          "product_id": "Builds for Red Hat OpenShift 1.5.1:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:4103bbce41d2f86071f49260e74ae89fd7a556deab7adea686cbe69477f17b58_amd64"
        },
        "product_reference": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:4103bbce41d2f86071f49260e74ae89fd7a556deab7adea686cbe69477f17b58_amd64",
        "relates_to_product_reference": "Builds for Red Hat OpenShift 1.5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:06d1a4352ca5002f85d284eb987548838d6acdcc7acdc98d604495b3cae1a12c_amd64 as a component of Builds for Red Hat OpenShift 1.5.1",
          "product_id": "Builds for Red Hat OpenShift 1.5.1:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:06d1a4352ca5002f85d284eb987548838d6acdcc7acdc98d604495b3cae1a12c_amd64"
        },
        "product_reference": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:06d1a4352ca5002f85d284eb987548838d6acdcc7acdc98d604495b3cae1a12c_amd64",
        "relates_to_product_reference": "Builds for Red Hat OpenShift 1.5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:1444fa06512941cd0b7485b9938f3aae43ef74dd235379ffe804e37445076474_s390x as a component of Builds for Red Hat OpenShift 1.5.1",
          "product_id": "Builds for Red Hat OpenShift 1.5.1:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:1444fa06512941cd0b7485b9938f3aae43ef74dd235379ffe804e37445076474_s390x"
        },
        "product_reference": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:1444fa06512941cd0b7485b9938f3aae43ef74dd235379ffe804e37445076474_s390x",
        "relates_to_product_reference": "Builds for Red Hat OpenShift 1.5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:1d2b6744f30b21751bef9567bd0af28728cc40b3b93a39719fbd8b51a15ffd4b_ppc64le as a component of Builds for Red Hat OpenShift 1.5.1",
          "product_id": "Builds for Red Hat OpenShift 1.5.1:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:1d2b6744f30b21751bef9567bd0af28728cc40b3b93a39719fbd8b51a15ffd4b_ppc64le"
        },
        "product_reference": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:1d2b6744f30b21751bef9567bd0af28728cc40b3b93a39719fbd8b51a15ffd4b_ppc64le",
        "relates_to_product_reference": "Builds for Red Hat OpenShift 1.5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:e172eabeee4912ed718eafa33c4e0099cde86bf4b7394da4074676ae00060927_arm64 as a component of Builds for Red Hat OpenShift 1.5.1",
          "product_id": "Builds for Red Hat OpenShift 1.5.1:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:e172eabeee4912ed718eafa33c4e0099cde86bf4b7394da4074676ae00060927_arm64"
        },
        "product_reference": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:e172eabeee4912ed718eafa33c4e0099cde86bf4b7394da4074676ae00060927_arm64",
        "relates_to_product_reference": "Builds for Red Hat OpenShift 1.5.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-22874",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "discovery_date": "2025-06-11T17:00:48.521459+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Builds for Red Hat OpenShift 1.5.1:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:4103bbce41d2f86071f49260e74ae89fd7a556deab7adea686cbe69477f17b58_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2372320"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Go\u0027s crypto/x509 package. This vulnerability allows improper certificate validation, bypassing policy constraints by using ExtKeyUsageAny in VerifyOptions.KeyUsages.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw is rated as an Important severity because the vulnerability was found in the certificate validation logic of the Verify function. When VerifyOptions.KeyUsages includes ExtKeyUsageAny, certificate chains containing policy graphs may bypass certificate policy validation. This flaw allows an attacker to trick the system into accepting an invalid certificate, potentially enabling spoofing attacks. The issue weakens trust decisions in affected cases and impacts system integrity. Confidentiality and availability are not affected.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Builds for Red Hat OpenShift 1.5.1:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:06d1a4352ca5002f85d284eb987548838d6acdcc7acdc98d604495b3cae1a12c_amd64",
          "Builds for Red Hat OpenShift 1.5.1:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:1444fa06512941cd0b7485b9938f3aae43ef74dd235379ffe804e37445076474_s390x",
          "Builds for Red Hat OpenShift 1.5.1:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:1d2b6744f30b21751bef9567bd0af28728cc40b3b93a39719fbd8b51a15ffd4b_ppc64le",
          "Builds for Red Hat OpenShift 1.5.1:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:e172eabeee4912ed718eafa33c4e0099cde86bf4b7394da4074676ae00060927_arm64"
        ],
        "known_not_affected": [
          "Builds for Red Hat OpenShift 1.5.1:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:4103bbce41d2f86071f49260e74ae89fd7a556deab7adea686cbe69477f17b58_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-22874"
        },
        {
          "category": "external",
          "summary": "RHBZ#2372320",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372320"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-22874",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22874",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22874"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/670375",
          "url": "https://go.dev/cl/670375"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/73612",
          "url": "https://go.dev/issue/73612"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A",
          "url": "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-3749",
          "url": "https://pkg.go.dev/vuln/GO-2025-3749"
        }
      ],
      "release_date": "2025-06-11T16:42:52.856000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-08-14T22:06:55+00:00",
          "details": "It is recommended that existing users of Red Hat OpenShift Builds 1.5.0 upgrade to 1.5.1",
          "product_ids": [
            "Builds for Red Hat OpenShift 1.5.1:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:06d1a4352ca5002f85d284eb987548838d6acdcc7acdc98d604495b3cae1a12c_amd64",
            "Builds for Red Hat OpenShift 1.5.1:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:1444fa06512941cd0b7485b9938f3aae43ef74dd235379ffe804e37445076474_s390x",
            "Builds for Red Hat OpenShift 1.5.1:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:1d2b6744f30b21751bef9567bd0af28728cc40b3b93a39719fbd8b51a15ffd4b_ppc64le",
            "Builds for Red Hat OpenShift 1.5.1:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:e172eabeee4912ed718eafa33c4e0099cde86bf4b7394da4074676ae00060927_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:13931"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Builds for Red Hat OpenShift 1.5.1:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:4103bbce41d2f86071f49260e74ae89fd7a556deab7adea686cbe69477f17b58_amd64",
            "Builds for Red Hat OpenShift 1.5.1:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:06d1a4352ca5002f85d284eb987548838d6acdcc7acdc98d604495b3cae1a12c_amd64",
            "Builds for Red Hat OpenShift 1.5.1:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:1444fa06512941cd0b7485b9938f3aae43ef74dd235379ffe804e37445076474_s390x",
            "Builds for Red Hat OpenShift 1.5.1:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:1d2b6744f30b21751bef9567bd0af28728cc40b3b93a39719fbd8b51a15ffd4b_ppc64le",
            "Builds for Red Hat OpenShift 1.5.1:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:e172eabeee4912ed718eafa33c4e0099cde86bf4b7394da4074676ae00060927_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509"
    }
  ]
}

