rhsa-2025:3018
Vulnerability from csaf_redhat
Published
2025-03-19 20:36
Modified
2025-08-04 14:36
Summary
Red Hat Security Advisory: Red Hat build of Cryostat 4.0.0: new RHEL 9 container image security update
Notes
Topic
New Red Hat build of Cryostat 4.0.0 on RHEL 9 container images are now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
New Red Hat build of Cryostat 4.0.0 on RHEL 9 container images have been released, adding a variety of features and bug fixes.
Users of the Red Hat build of Cryostat 3.0.1 on RHEL 8 container images are advised to upgrade to these updated images, which contain backported patches to fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.
Security Fix(es):
* io.quarkus.http/quarkus-http-core: Quarkus HTTP Cookie Smuggling (CVE-2024-12397)
You can find images updated by this advisory in the Red Hat Container Catalog (see the References section).
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Document
Category
csaf_security_advisory
CSAF version
2.0
Aggregate severity
Moderate (https://access.redhat.com/security/updates/classification/)
Distribution
Copyright © Red Hat, Inc. All rights reserved. TLP: WHITE (https://www.first.org/tlp/)
Language
en
Publisher
Red Hat Product Security (vendor), https://www.redhat.com
Contact details: https://access.redhat.com/security/team/contact/
Issuing authority: Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.
References
* self: https://access.redhat.com/errata/RHSA-2025:3018
* external: https://access.redhat.com/security/updates/classification/#moderate
* external: 2331298, https://bugzilla.redhat.com/show_bug.cgi?id=2331298
* self: Canonical URL, https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3018.json
Tracking
ID: RHSA-2025:3018
Status: final
Version: 3
Initial release date: 2025-03-19T20:36:44+00:00
Current release date: 2025-08-04T14:36:41+00:00
Generator: Red Hat SDEngine 4.6.6 (2025-08-04T14:36:41+00:00)
Revision history
* 1: 2025-03-19T20:36:44+00:00, Initial version
* 2: 2025-03-19T20:36:44+00:00, Last updated version
* 3: 2025-08-04T14:36:41+00:00, Last generated version
Product
Cryostat 4 on RHEL 9 (product ID 9Base-Cryostat-4, CPE cpe:/a:redhat:cryostat:4::el9), product family Cryostat, vendor Red Hat, with container image components for the amd64 and arm64 architectures.
Vulnerabilities
CVE-2024-12397
CWE
CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Discovery date
2024-12-10T01:15:33.380000+00:00
Red Hat Bugzilla ID
2331298
Vulnerability description
A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.
Vulnerability summary
io.quarkus.http/quarkus-http-core: Quarkus HTTP Cookie Smuggling
Statement
Red Hat has evaluated this vulnerability. This is a very similar vulnerability to an Undertow, seen in CVE-2023-4639.
Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.
The platform uses secure, encrypted HTTPS connections over TLS 1.2 to reduce the risk of smuggling attacks by preventing the injection of ambiguous or malformed requests between components. The environment employs IPS/IDS and antimalware solutions to detect and block malicious code while ensuring consistent interpretation of HTTP requests across network layers, mitigating request/response inconsistencies. Event logs are collected and analyzed for centralization, correlation, monitoring, alerting, and retention, enabling the detection of malformed or suspicious HTTP traffic. Static code analysis and peer reviews enforce strong input validation and error handling to ensure all user inputs adhere to HTTP protocol specifications.
CVSS score applicability
The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.
Product status
Fixed: container image components of 9Base-Cryostat-4 (amd64 and arm64 builds)
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:81ee88fd6f65c9b44a36a09de0447e40629543fba9abe1a5cf2e78cde00f1ccc_amd64", "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:91691fbffedd771a20e15f828dece6aa97497eb152ba6226a3446a63a3295ae0_arm64", "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:53646fbdfb95a922c4bae057e34482f6487cdfb5ea3437a3f1a40aa636625884_amd64", "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:e8a94edcab7e2a57f978b4bb163fb48584a42e133723fb9879f38e6be21be24a_arm64", "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:1e88b804f39b1cbe9e6e1999e50f80bb12799f6b2eba0183edf0540a8e9b0703_amd64", "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:d2b35aa90a36f7ea5bad2189270a13ab819243e591f054163cf32cb247d9d053_arm64", "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:46e5e55899c96097c5ba9dd9a592117206bcba074dfe53c31bb008280219b06a_arm64", "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:bdffb2fe3d29ec49e2bfda1c1b2d90e787e813c3420c6a903e8172a9d5a7553f_amd64", "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:88acd1caf027c645b53d31f2358d9ca916697b3b5e0babfd91b4c91417a49816_arm64", "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:e94b6a56bbe9bd8f044ebd705cd47310117bc62b64eca2e08fca86796c80c9c5_amd64", "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:13650189a745f238d6aa60edfef308e81a21fc0c015f88050a98287a94e89534_amd64", "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:d2329bf9a5775f8d63bdb8e10e5dc4bbdaf8625eba178ade097c3f415bf758a1_arm64", "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:ee93d84a6f61b329d740921245723cfbca3a9581fa163a874202f7f544d97c85_amd64", "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:fd595c816d4b80536115a43b74aa55e3be7936e5be0276899dfd13ad763a1408_arm64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-12397" }, { "category": "external", "summary": 
"RHBZ#2331298", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331298" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-12397", "url": "https://www.cve.org/CVERecord?id=CVE-2024-12397" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12397", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12397" } ], "release_date": "2024-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-19T20:36:44+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:07378afcbcb24757bd75cc7ffa542fed10fb1f906b20b3a7fc0116992a7cc291_amd64", "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:f7525608cc83f31d1b3e3de10e84d513a53d2eef424473f05da3d805fcddeaf6_arm64", "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:3c7dc1ac6f51b9f34e2fb8298778ff137b422b745efa6f2e8fc6dd4495565ee9_amd64", "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:e65d22a2f788ebd83fd3b89b5f86ac0c5901f318a638639da3fbf68749c02da9_arm64", "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:b02b9a47520258cfc2bbf34cc20eb8165ef6fc7b675b08b20946a8ea9aef0d9e_amd64", "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:cf48c6abdba3a58089dd0117c45a5fa4072622cbaa7b471eb3e5d8c1b138e051_arm64", "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:5b7c5adac17138967cba825d5e37949a50407862fc65f4fd3354f6a366ae043c_amd64", "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:e98148dc400ff08ac862f24049ff772294a24cabfc38fa53acfdaa1526e1d0b5_arm64", "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:81ee88fd6f65c9b44a36a09de0447e40629543fba9abe1a5cf2e78cde00f1ccc_amd64", 
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:91691fbffedd771a20e15f828dece6aa97497eb152ba6226a3446a63a3295ae0_arm64", "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:53646fbdfb95a922c4bae057e34482f6487cdfb5ea3437a3f1a40aa636625884_amd64", "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:e8a94edcab7e2a57f978b4bb163fb48584a42e133723fb9879f38e6be21be24a_arm64", "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:1e88b804f39b1cbe9e6e1999e50f80bb12799f6b2eba0183edf0540a8e9b0703_amd64", "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:d2b35aa90a36f7ea5bad2189270a13ab819243e591f054163cf32cb247d9d053_arm64", "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:46e5e55899c96097c5ba9dd9a592117206bcba074dfe53c31bb008280219b06a_arm64", "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:bdffb2fe3d29ec49e2bfda1c1b2d90e787e813c3420c6a903e8172a9d5a7553f_amd64", "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:88acd1caf027c645b53d31f2358d9ca916697b3b5e0babfd91b4c91417a49816_arm64", "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:e94b6a56bbe9bd8f044ebd705cd47310117bc62b64eca2e08fca86796c80c9c5_amd64", "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:13650189a745f238d6aa60edfef308e81a21fc0c015f88050a98287a94e89534_amd64", "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:d2329bf9a5775f8d63bdb8e10e5dc4bbdaf8625eba178ade097c3f415bf758a1_arm64", "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:ee93d84a6f61b329d740921245723cfbca3a9581fa163a874202f7f544d97c85_amd64", "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:fd595c816d4b80536115a43b74aa55e3be7936e5be0276899dfd13ad763a1408_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3018" }, { "category": "workaround", "details": "Currently, no mitigation is available for this vulnerability.", "product_ids": [ 
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:07378afcbcb24757bd75cc7ffa542fed10fb1f906b20b3a7fc0116992a7cc291_amd64", "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:f7525608cc83f31d1b3e3de10e84d513a53d2eef424473f05da3d805fcddeaf6_arm64", "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:3c7dc1ac6f51b9f34e2fb8298778ff137b422b745efa6f2e8fc6dd4495565ee9_amd64", "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:e65d22a2f788ebd83fd3b89b5f86ac0c5901f318a638639da3fbf68749c02da9_arm64", "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:b02b9a47520258cfc2bbf34cc20eb8165ef6fc7b675b08b20946a8ea9aef0d9e_amd64", "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:cf48c6abdba3a58089dd0117c45a5fa4072622cbaa7b471eb3e5d8c1b138e051_arm64", "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:5b7c5adac17138967cba825d5e37949a50407862fc65f4fd3354f6a366ae043c_amd64", "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:e98148dc400ff08ac862f24049ff772294a24cabfc38fa53acfdaa1526e1d0b5_arm64", "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:81ee88fd6f65c9b44a36a09de0447e40629543fba9abe1a5cf2e78cde00f1ccc_amd64", "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:91691fbffedd771a20e15f828dece6aa97497eb152ba6226a3446a63a3295ae0_arm64", "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:53646fbdfb95a922c4bae057e34482f6487cdfb5ea3437a3f1a40aa636625884_amd64", "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:e8a94edcab7e2a57f978b4bb163fb48584a42e133723fb9879f38e6be21be24a_arm64", "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:1e88b804f39b1cbe9e6e1999e50f80bb12799f6b2eba0183edf0540a8e9b0703_amd64", "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:d2b35aa90a36f7ea5bad2189270a13ab819243e591f054163cf32cb247d9d053_arm64", 
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:46e5e55899c96097c5ba9dd9a592117206bcba074dfe53c31bb008280219b06a_arm64", "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:bdffb2fe3d29ec49e2bfda1c1b2d90e787e813c3420c6a903e8172a9d5a7553f_amd64", "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:88acd1caf027c645b53d31f2358d9ca916697b3b5e0babfd91b4c91417a49816_arm64", "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:e94b6a56bbe9bd8f044ebd705cd47310117bc62b64eca2e08fca86796c80c9c5_amd64", "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:13650189a745f238d6aa60edfef308e81a21fc0c015f88050a98287a94e89534_amd64", "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:d2329bf9a5775f8d63bdb8e10e5dc4bbdaf8625eba178ade097c3f415bf758a1_arm64", "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:ee93d84a6f61b329d740921245723cfbca3a9581fa163a874202f7f544d97c85_amd64", "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:fd595c816d4b80536115a43b74aa55e3be7936e5be0276899dfd13ad763a1408_arm64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:07378afcbcb24757bd75cc7ffa542fed10fb1f906b20b3a7fc0116992a7cc291_amd64", "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:f7525608cc83f31d1b3e3de10e84d513a53d2eef424473f05da3d805fcddeaf6_arm64", "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:3c7dc1ac6f51b9f34e2fb8298778ff137b422b745efa6f2e8fc6dd4495565ee9_amd64", "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:e65d22a2f788ebd83fd3b89b5f86ac0c5901f318a638639da3fbf68749c02da9_arm64", 
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:b02b9a47520258cfc2bbf34cc20eb8165ef6fc7b675b08b20946a8ea9aef0d9e_amd64", "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:cf48c6abdba3a58089dd0117c45a5fa4072622cbaa7b471eb3e5d8c1b138e051_arm64", "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:5b7c5adac17138967cba825d5e37949a50407862fc65f4fd3354f6a366ae043c_amd64", "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:e98148dc400ff08ac862f24049ff772294a24cabfc38fa53acfdaa1526e1d0b5_arm64", "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:81ee88fd6f65c9b44a36a09de0447e40629543fba9abe1a5cf2e78cde00f1ccc_amd64", "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:91691fbffedd771a20e15f828dece6aa97497eb152ba6226a3446a63a3295ae0_arm64", "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:53646fbdfb95a922c4bae057e34482f6487cdfb5ea3437a3f1a40aa636625884_amd64", "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:e8a94edcab7e2a57f978b4bb163fb48584a42e133723fb9879f38e6be21be24a_arm64", "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:1e88b804f39b1cbe9e6e1999e50f80bb12799f6b2eba0183edf0540a8e9b0703_amd64", "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:d2b35aa90a36f7ea5bad2189270a13ab819243e591f054163cf32cb247d9d053_arm64", "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:46e5e55899c96097c5ba9dd9a592117206bcba074dfe53c31bb008280219b06a_arm64", "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:bdffb2fe3d29ec49e2bfda1c1b2d90e787e813c3420c6a903e8172a9d5a7553f_amd64", "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:88acd1caf027c645b53d31f2358d9ca916697b3b5e0babfd91b4c91417a49816_arm64", "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:e94b6a56bbe9bd8f044ebd705cd47310117bc62b64eca2e08fca86796c80c9c5_amd64", 
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:13650189a745f238d6aa60edfef308e81a21fc0c015f88050a98287a94e89534_amd64", "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:d2329bf9a5775f8d63bdb8e10e5dc4bbdaf8625eba178ade097c3f415bf758a1_arm64", "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:ee93d84a6f61b329d740921245723cfbca3a9581fa163a874202f7f544d97c85_amd64", "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:fd595c816d4b80536115a43b74aa55e3be7936e5be0276899dfd13ad763a1408_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "io.quarkus.http/quarkus-http-core: Quarkus HTTP Cookie Smuggling" } ] }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.