rhsa-2025:7592
Vulnerability from csaf_redhat
Published
2025-05-14 11:52
Modified
2025-08-14 03:17
Summary
Red Hat Security Advisory: yggdrasil security update
Notes
Topic
An update for yggdrasil is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
yggdrasil is a system daemon that subscribes to topics on an MQTT broker and routes any data received on the topics to an appropriate child "worker" process, exchanging data with its worker processes through a D-Bus message broker.
Security Fix(es):
* yggdrasil: Local privilege escalation in yggdrasil (CVE-2025-3931)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for yggdrasil is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "yggdrasil is a system daemon that subscribes to topics on an MQTT broker and routes any data received on the topics to an appropriate child \"worker\" process, exchanging data with its worker processes through a D-Bus message broker.\n\nSecurity Fix(es):\n\n* yggdrasil: Local privilege escalation in yggdrasil (CVE-2025-3931)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:7592",
"url": "https://access.redhat.com/errata/RHSA-2025:7592"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2362345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362345"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_7592.json"
}
],
"title": "Red Hat Security Advisory: yggdrasil security update",
"tracking": {
"current_release_date": "2025-08-14T03:17:12+00:00",
"generator": {
"date": "2025-08-14T03:17:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2025:7592",
"initial_release_date": "2025-05-14T11:52:59+00:00",
"revision_history": [
{
"date": "2025-05-14T11:52:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-05-14T11:52:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-14T03:17:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.0"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "yggdrasil-0:0.4.5-3.el10_0.src",
"product": {
"name": "yggdrasil-0:0.4.5-3.el10_0.src",
"product_id": "yggdrasil-0:0.4.5-3.el10_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil@0.4.5-3.el10_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "yggdrasil-0:0.4.5-3.el10_0.aarch64",
"product": {
"name": "yggdrasil-0:0.4.5-3.el10_0.aarch64",
"product_id": "yggdrasil-0:0.4.5-3.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil@0.4.5-3.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-debugsource-0:0.4.5-3.el10_0.aarch64",
"product": {
"name": "yggdrasil-debugsource-0:0.4.5-3.el10_0.aarch64",
"product_id": "yggdrasil-debugsource-0:0.4.5-3.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-debugsource@0.4.5-3.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-debuginfo-0:0.4.5-3.el10_0.aarch64",
"product": {
"name": "yggdrasil-debuginfo-0:0.4.5-3.el10_0.aarch64",
"product_id": "yggdrasil-debuginfo-0:0.4.5-3.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-debuginfo@0.4.5-3.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.aarch64",
"product": {
"name": "yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.aarch64",
"product_id": "yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-examples-debuginfo@0.4.5-3.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-devel-0:0.4.5-3.el10_0.aarch64",
"product": {
"name": "yggdrasil-devel-0:0.4.5-3.el10_0.aarch64",
"product_id": "yggdrasil-devel-0:0.4.5-3.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-devel@0.4.5-3.el10_0?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "yggdrasil-0:0.4.5-3.el10_0.ppc64le",
"product": {
"name": "yggdrasil-0:0.4.5-3.el10_0.ppc64le",
"product_id": "yggdrasil-0:0.4.5-3.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil@0.4.5-3.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-debugsource-0:0.4.5-3.el10_0.ppc64le",
"product": {
"name": "yggdrasil-debugsource-0:0.4.5-3.el10_0.ppc64le",
"product_id": "yggdrasil-debugsource-0:0.4.5-3.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-debugsource@0.4.5-3.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"product": {
"name": "yggdrasil-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"product_id": "yggdrasil-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-debuginfo@0.4.5-3.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"product": {
"name": "yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"product_id": "yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-examples-debuginfo@0.4.5-3.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-devel-0:0.4.5-3.el10_0.ppc64le",
"product": {
"name": "yggdrasil-devel-0:0.4.5-3.el10_0.ppc64le",
"product_id": "yggdrasil-devel-0:0.4.5-3.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-devel@0.4.5-3.el10_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "yggdrasil-0:0.4.5-3.el10_0.x86_64",
"product": {
"name": "yggdrasil-0:0.4.5-3.el10_0.x86_64",
"product_id": "yggdrasil-0:0.4.5-3.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil@0.4.5-3.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-debugsource-0:0.4.5-3.el10_0.x86_64",
"product": {
"name": "yggdrasil-debugsource-0:0.4.5-3.el10_0.x86_64",
"product_id": "yggdrasil-debugsource-0:0.4.5-3.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-debugsource@0.4.5-3.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-debuginfo-0:0.4.5-3.el10_0.x86_64",
"product": {
"name": "yggdrasil-debuginfo-0:0.4.5-3.el10_0.x86_64",
"product_id": "yggdrasil-debuginfo-0:0.4.5-3.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-debuginfo@0.4.5-3.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.x86_64",
"product": {
"name": "yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.x86_64",
"product_id": "yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-examples-debuginfo@0.4.5-3.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-devel-0:0.4.5-3.el10_0.x86_64",
"product": {
"name": "yggdrasil-devel-0:0.4.5-3.el10_0.x86_64",
"product_id": "yggdrasil-devel-0:0.4.5-3.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-devel@0.4.5-3.el10_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "yggdrasil-0:0.4.5-3.el10_0.s390x",
"product": {
"name": "yggdrasil-0:0.4.5-3.el10_0.s390x",
"product_id": "yggdrasil-0:0.4.5-3.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil@0.4.5-3.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-debugsource-0:0.4.5-3.el10_0.s390x",
"product": {
"name": "yggdrasil-debugsource-0:0.4.5-3.el10_0.s390x",
"product_id": "yggdrasil-debugsource-0:0.4.5-3.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-debugsource@0.4.5-3.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-debuginfo-0:0.4.5-3.el10_0.s390x",
"product": {
"name": "yggdrasil-debuginfo-0:0.4.5-3.el10_0.s390x",
"product_id": "yggdrasil-debuginfo-0:0.4.5-3.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-debuginfo@0.4.5-3.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.s390x",
"product": {
"name": "yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.s390x",
"product_id": "yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-examples-debuginfo@0.4.5-3.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-devel-0:0.4.5-3.el10_0.s390x",
"product": {
"name": "yggdrasil-devel-0:0.4.5-3.el10_0.s390x",
"product_id": "yggdrasil-devel-0:0.4.5-3.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-devel@0.4.5-3.el10_0?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.4.5-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.aarch64"
},
"product_reference": "yggdrasil-0:0.4.5-3.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.4.5-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.ppc64le"
},
"product_reference": "yggdrasil-0:0.4.5-3.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.4.5-3.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.s390x"
},
"product_reference": "yggdrasil-0:0.4.5-3.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.4.5-3.el10_0.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.src"
},
"product_reference": "yggdrasil-0:0.4.5-3.el10_0.src",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.4.5-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.x86_64"
},
"product_reference": "yggdrasil-0:0.4.5-3.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-debuginfo-0:0.4.5-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.aarch64"
},
"product_reference": "yggdrasil-debuginfo-0:0.4.5-3.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-debuginfo-0:0.4.5-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.ppc64le"
},
"product_reference": "yggdrasil-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-debuginfo-0:0.4.5-3.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.s390x"
},
"product_reference": "yggdrasil-debuginfo-0:0.4.5-3.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-debuginfo-0:0.4.5-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.x86_64"
},
"product_reference": "yggdrasil-debuginfo-0:0.4.5-3.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-debugsource-0:0.4.5-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.aarch64"
},
"product_reference": "yggdrasil-debugsource-0:0.4.5-3.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-debugsource-0:0.4.5-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.ppc64le"
},
"product_reference": "yggdrasil-debugsource-0:0.4.5-3.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-debugsource-0:0.4.5-3.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.s390x"
},
"product_reference": "yggdrasil-debugsource-0:0.4.5-3.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-debugsource-0:0.4.5-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.x86_64"
},
"product_reference": "yggdrasil-debugsource-0:0.4.5-3.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-devel-0:0.4.5-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.aarch64"
},
"product_reference": "yggdrasil-devel-0:0.4.5-3.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-devel-0:0.4.5-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.ppc64le"
},
"product_reference": "yggdrasil-devel-0:0.4.5-3.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-devel-0:0.4.5-3.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.s390x"
},
"product_reference": "yggdrasil-devel-0:0.4.5-3.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-devel-0:0.4.5-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.x86_64"
},
"product_reference": "yggdrasil-devel-0:0.4.5-3.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.aarch64"
},
"product_reference": "yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.ppc64le"
},
"product_reference": "yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.s390x"
},
"product_reference": "yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.x86_64"
},
"product_reference": "yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.4.5-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.aarch64"
},
"product_reference": "yggdrasil-0:0.4.5-3.el10_0.aarch64",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.4.5-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.ppc64le"
},
"product_reference": "yggdrasil-0:0.4.5-3.el10_0.ppc64le",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.4.5-3.el10_0.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.s390x"
},
"product_reference": "yggdrasil-0:0.4.5-3.el10_0.s390x",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.4.5-3.el10_0.src as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.src"
},
"product_reference": "yggdrasil-0:0.4.5-3.el10_0.src",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.4.5-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.x86_64"
},
"product_reference": "yggdrasil-0:0.4.5-3.el10_0.x86_64",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-debuginfo-0:0.4.5-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.aarch64"
},
"product_reference": "yggdrasil-debuginfo-0:0.4.5-3.el10_0.aarch64",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-debuginfo-0:0.4.5-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.ppc64le"
},
"product_reference": "yggdrasil-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-debuginfo-0:0.4.5-3.el10_0.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.s390x"
},
"product_reference": "yggdrasil-debuginfo-0:0.4.5-3.el10_0.s390x",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-debuginfo-0:0.4.5-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.x86_64"
},
"product_reference": "yggdrasil-debuginfo-0:0.4.5-3.el10_0.x86_64",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-debugsource-0:0.4.5-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.aarch64"
},
"product_reference": "yggdrasil-debugsource-0:0.4.5-3.el10_0.aarch64",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-debugsource-0:0.4.5-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.ppc64le"
},
"product_reference": "yggdrasil-debugsource-0:0.4.5-3.el10_0.ppc64le",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-debugsource-0:0.4.5-3.el10_0.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.s390x"
},
"product_reference": "yggdrasil-debugsource-0:0.4.5-3.el10_0.s390x",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-debugsource-0:0.4.5-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.x86_64"
},
"product_reference": "yggdrasil-debugsource-0:0.4.5-3.el10_0.x86_64",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-devel-0:0.4.5-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.aarch64"
},
"product_reference": "yggdrasil-devel-0:0.4.5-3.el10_0.aarch64",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-devel-0:0.4.5-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.ppc64le"
},
"product_reference": "yggdrasil-devel-0:0.4.5-3.el10_0.ppc64le",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-devel-0:0.4.5-3.el10_0.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.s390x"
},
"product_reference": "yggdrasil-devel-0:0.4.5-3.el10_0.s390x",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-devel-0:0.4.5-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.x86_64"
},
"product_reference": "yggdrasil-devel-0:0.4.5-3.el10_0.x86_64",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.aarch64"
},
"product_reference": "yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.aarch64",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.ppc64le"
},
"product_reference": "yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.s390x"
},
"product_reference": "yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.s390x",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.x86_64"
},
"product_reference": "yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.x86_64",
"relates_to_product_reference": "CRB-10.0.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45336",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2025-01-23T12:57:38.123000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2341751"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token, multi-factor authentication (MFA), which is coupled with account management controls, including integration with single sign-on (SSO), to ensure that user permissions are restricted to only the functions necessary for their roles. Access to sensitive information is explicitly authorized and enforced based on predefined access policies. Event logs are collected and processed for centralization, correlation, analysis, monitoring, reporting, alerting, and retention. This process ensures that audit logs are generated for specific events involving sensitive information, which helps identify patterns of unauthorized access or data exposure. The platform enforces the use of validated cryptographic modules across compute resources to protect the confidentiality of information, even in the event of interception.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.src",
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.x86_64",
"AppStream-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.x86_64",
"AppStream-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.x86_64",
"AppStream-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.x86_64",
"AppStream-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.src",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45336"
},
{
"category": "external",
"summary": "RHBZ#2341751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2341751"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45336",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45336"
}
],
"release_date": "2025-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-14T11:52:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.src",
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.x86_64",
"AppStream-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.x86_64",
"AppStream-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.x86_64",
"AppStream-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.x86_64",
"AppStream-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.src",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:7592"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.src",
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.x86_64",
"AppStream-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.x86_64",
"AppStream-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.x86_64",
"AppStream-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.x86_64",
"AppStream-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.src",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect"
},
{
"acknowledgments": [
{
"names": [
"Thibault Guittet"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2025-3931",
"cwe": {
"id": "CWE-280",
"name": "Improper Handling of Insufficient Permissions or Privileges "
},
"discovery_date": "2025-04-25T17:06:52.161000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362345"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children\u0027s \"worker\" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks, allowing every system user to call it. One available Yggdrasil worker acts as a package manager with capabilities to create and enable new repositories and install or remove packages. \n\nThis flaw allows an attacker with access to the system to leverage the lack of authentication on the dispatch message to force the Yggdrasil worker to install arbitrary RPM packages. This issue results in local privilege escalation, enabling the attacker to access and modify sensitive system data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "yggdrasil: Local privilege escalation in yggdrasil",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability qualifies as Important rather than Moderate due to its direct violation of privilege boundaries and its broad post-install attack surface. The core issue lies in the com.redhat.Yggdrasil1.Dispatch() method being exposed over the system DBus without any authentication or authorization, enabling any local unprivileged user to interface with a privileged backend (package-manager worker). By leveraging this unprotected method, an attacker can install arbitrary software, execute payloads, and gain full root access, thus achieving a complete Local Privilege Escalation (LPE). While exploitation requires local access, the flaw exists in a default service path (rhc connect) recommended during system registration, increasing its exposure. Furthermore, the ability to manipulate package installation flows \u2014 a highly privileged operation \u2014 indicates a severe trust boundary violation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.src",
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.x86_64",
"AppStream-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.x86_64",
"AppStream-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.x86_64",
"AppStream-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.x86_64",
"AppStream-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.src",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-3931"
},
{
"category": "external",
"summary": "RHBZ#2362345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-3931",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3931"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-3931",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3931"
},
{
"category": "external",
"summary": "https://github.com/RedHatInsights/yggdrasil/pull/336",
"url": "https://github.com/RedHatInsights/yggdrasil/pull/336"
}
],
"release_date": "2025-05-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-14T11:52:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.src",
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.x86_64",
"AppStream-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.x86_64",
"AppStream-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.x86_64",
"AppStream-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.x86_64",
"AppStream-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.src",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:7592"
},
{
"category": "workaround",
"details": "Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.src",
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.x86_64",
"AppStream-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.x86_64",
"AppStream-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.x86_64",
"AppStream-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.x86_64",
"AppStream-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.src",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.src",
"AppStream-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.x86_64",
"AppStream-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.x86_64",
"AppStream-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.x86_64",
"AppStream-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.x86_64",
"AppStream-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.aarch64",
"AppStream-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"AppStream-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.s390x",
"AppStream-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.src",
"CRB-10.0.Z:yggdrasil-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-debuginfo-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-debugsource-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-devel-0:0.4.5-3.el10_0.x86_64",
"CRB-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.aarch64",
"CRB-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.ppc64le",
"CRB-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.s390x",
"CRB-10.0.Z:yggdrasil-examples-debuginfo-0:0.4.5-3.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "yggdrasil: Local privilege escalation in yggdrasil"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…