rhsa-2025_0536
Vulnerability from csaf_redhat
Published
2025-01-21 16:57
Modified
2025-03-25 11:09
Summary
Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.15.0
Notes
Topic
cert-manager Operator for Red Hat OpenShift 1.15.0
Details
The cert-manager Operator for Red Hat OpenShift builds on top of Kubernetes, introducing certificate authorities and certificates as first-class resource types in the Kubernetes API. This makes it possible to provide certificates-as-a-service to developers working within your Kubernetes cluster.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cert-manager Operator for Red Hat OpenShift 1.15.0",
"title": "Topic"
},
{
"category": "general",
"text": "The cert-manager Operator for Red Hat OpenShift builds on top of Kubernetes, introducing certificate authorities and certificates as first-class resource types in the Kubernetes API. This makes it possible to provide certificates-as-a-service to developers working within your Kubernetes cluster.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:0536",
"url": "https://access.redhat.com/errata/RHSA-2025:0536"
},
{
"category": "external",
"summary": "https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html",
"url": "https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-35255",
"url": "https://access.redhat.com/security/cve/CVE-2024-35255"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-45288",
"url": "https://access.redhat.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-24783",
"url": "https://access.redhat.com/security/cve/CVE-2024-24783"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-28180",
"url": "https://access.redhat.com/security/cve/CVE-2024-28180"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-6104",
"url": "https://access.redhat.com/security/cve/CVE-2024-6104"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45337",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_0536.json"
}
],
"title": "Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.15.0",
"tracking": {
"current_release_date": "2025-03-25T11:09:42+00:00",
"generator": {
"date": "2025-03-25T11:09:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.4.1"
}
},
"id": "RHSA-2025:0536",
"initial_release_date": "2025-01-21T16:57:37+00:00",
"revision_history": [
{
"date": "2025-01-21T16:57:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-27T11:42:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-03-25T11:09:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "cert-manager operator for Red Hat OpenShift 1.15",
"product": {
"name": "cert-manager operator for Red Hat OpenShift 1.15",
"product_id": "cert-manager operator for Red Hat OpenShift 1.15",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cert_manager:1.15::el9"
}
}
}
],
"category": "product_family",
"name": "cert-manager operator for Red Hat OpenShift"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0_amd64",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0_amd64",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-rhel9@sha256%3Aa1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0?arch=amd64\u0026repository_url=registry.redhat.io/cert-manager"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25_amd64",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25_amd64",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-acmesolver-rhel9@sha256%3A49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25?arch=amd64\u0026repository_url=registry.redhat.io/cert-manager"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e_s390x",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e_s390x",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-rhel9@sha256%3A30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e?arch=s390x\u0026repository_url=registry.redhat.io/cert-manager"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173_s390x",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173_s390x",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-acmesolver-rhel9@sha256%3A2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173?arch=s390x\u0026repository_url=registry.redhat.io/cert-manager"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8_ppc64le",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8_ppc64le",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-rhel9@sha256%3Adf96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8?arch=ppc64le\u0026repository_url=registry.redhat.io/cert-manager"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531_ppc64le",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531_ppc64le",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-acmesolver-rhel9@sha256%3A4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531?arch=ppc64le\u0026repository_url=registry.redhat.io/cert-manager"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6_arm64",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6_arm64",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-rhel9@sha256%3A68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6?arch=arm64\u0026repository_url=registry.redhat.io/cert-manager"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:c1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1_arm64",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:c1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1_arm64",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:c1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-acmesolver-rhel9@sha256%3Ac1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1?arch=arm64\u0026repository_url=registry.redhat.io/cert-manager"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173_s390x as a component of cert-manager operator for Red Hat OpenShift 1.15",
"product_id": "cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173_s390x"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173_s390x",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531_ppc64le as a component of cert-manager operator for Red Hat OpenShift 1.15",
"product_id": "cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531_ppc64le"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531_ppc64le",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25_amd64 as a component of cert-manager operator for Red Hat OpenShift 1.15",
"product_id": "cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25_amd64"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25_amd64",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:c1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1_arm64 as a component of cert-manager operator for Red Hat OpenShift 1.15",
"product_id": "cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:c1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1_arm64"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:c1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1_arm64",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e_s390x as a component of cert-manager operator for Red Hat OpenShift 1.15",
"product_id": "cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e_s390x"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e_s390x",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6_arm64 as a component of cert-manager operator for Red Hat OpenShift 1.15",
"product_id": "cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6_arm64"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6_arm64",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0_amd64 as a component of cert-manager operator for Red Hat OpenShift 1.15",
"product_id": "cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0_amd64"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0_amd64",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8_ppc64le as a component of cert-manager operator for Red Hat OpenShift 1.15",
"product_id": "cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8_ppc64le"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8_ppc64le",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.15"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Bartek Nowotarski"
],
"organization": "nowotarski.info"
}
],
"cve": "CVE-2023-45288",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268273"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a denial of service. It is simple to exploit, could significantly impact availability, and there is not a suitable mitigation for all use cases. Once an attack has ended, the system should return to normal operations on its own.\n\nThis vulnerability only impacts servers which have HTTP/2 enabled. It stems from an imperfect definition of the protocol. As the Go programming language is widely utilized across nearly every major Red Hat offering, a full listing of impacted packages will not be provided. Therefore, the \u201cAffected Packages and Issued Red Hat Security Errata\u201d section contains a simplified list of what offerings need to remediate this vulnerability. Every impacted offering has at least one representative component listed, but potentially not all of them. Rest assured that Red Hat is committed to remediating this vulnerability across our entire portfolio.\n\nMany components are rated as Low impact due to configurations which reduce the attack surface or significantly increase the difficulty of exploitation. A summary of these scenarios are:\n* The container includes a package that provides a vulnerable webserver, but it is not used or running during operation\n* HTTP/2 is disabled by default and is not supported\n* Only a client implementation is provided, which is not vulnerable\n* A vulnerable module (either golang.org/net/http or golang.org/x/net/http2) is included, but disabled\n* Access to a vulnerable server is restricted within the container (loopback only connections)\n* Golang is available in the container but is not used\n\n\nWithin the Red Hat OpenShift Container Platform, the majority of vulnerable components are not externally accessible. This means an attacker must already have access to a container within your environment to exploit this vulnerability. However, the ose-hyperkube (openshift-enterprise-hyperkube) container is externally accessible, so there are less barriers to exploitation. Fixes for this specific container are already available.\n\nWithin Red Hat Ansible Automation Platform, the impacted component is Receptor. The impact has been reduced to Low as the vulnerable code is present, but not utilized. There are three potential exposures within this component:\n* Receptor utilizes QUIC a UDP based protocol which does not run over HTTP/2\n* Receptor utilizes the x/net/ipv4 and ipv6 packages, both of which are not affected",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:c1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "RHBZ#2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nowotarski.info/http2-continuation-flood/",
"url": "https://nowotarski.info/http2-continuation-flood/"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2687",
"url": "https://pkg.go.dev/vuln/GO-2024-2687"
},
{
"category": "external",
"summary": "https://www.kb.cert.org/vuls/id/421644",
"url": "https://www.kb.cert.org/vuls/id/421644"
}
],
"release_date": "2024-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-21T16:57:37+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used when installing the cert-manager Operator for Red Hat OpenShift.\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a new version of the Operator. No further action is required to upgrade. This is the default setting.\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\nSee \u0027https://docs.openshift.com/container- platform/latest/security/cert_manager_operator/index.html\u0027 for additional information.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:c1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:0536"
},
{
"category": "workaround",
"details": "In some environments where http/2 support is not required, it may be possible to disable this feature to reduce risk.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:c1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:c1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS"
},
{
"cve": "CVE-2024-6104",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2024-06-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2294000"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go-retryablehttp: url might write sensitive information to log file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:c1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-6104"
},
{
"category": "external",
"summary": "RHBZ#2294000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-6104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6104"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6104",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6104"
}
],
"release_date": "2024-06-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-21T16:57:37+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used when installing the cert-manager Operator for Red Hat OpenShift.\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a new version of the Operator. No further action is required to upgrade. This is the default setting.\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\nSee \u0027https://docs.openshift.com/container- platform/latest/security/cert_manager_operator/index.html\u0027 for additional information.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:c1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:0536"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:c1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:c1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "go-retryablehttp: url might write sensitive information to log file"
},
{
"cve": "CVE-2024-24783",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268019"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:c1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24783"
},
{
"category": "external",
"summary": "RHBZ#2268019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp",
"url": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp"
},
{
"category": "external",
"summary": "https://go.dev/cl/569339",
"url": "https://go.dev/cl/569339"
},
{
"category": "external",
"summary": "https://go.dev/issue/65390",
"url": "https://go.dev/issue/65390"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2598",
"url": "https://pkg.go.dev/vuln/GO-2024-2598"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0005",
"url": "https://security.netapp.com/advisory/ntap-20240329-0005"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-21T16:57:37+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used when installing the cert-manager Operator for Red Hat OpenShift.\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a new version of the Operator. No further action is required to upgrade. This is the default setting.\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\nSee \u0027https://docs.openshift.com/container- platform/latest/security/cert_manager_operator/index.html\u0027 for additional information.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:c1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:0536"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:c1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:c1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm"
},
{
"cve": "CVE-2024-28180",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2024-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268854"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jose-go: improper handling of highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:c1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-28180"
},
{
"category": "external",
"summary": "RHBZ#2268854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268854"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-28180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28180"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g"
}
],
"release_date": "2024-03-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-21T16:57:37+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used when installing the cert-manager Operator for Red Hat OpenShift.\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a new version of the Operator. No further action is required to upgrade. This is the default setting.\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\nSee \u0027https://docs.openshift.com/container- platform/latest/security/cert_manager_operator/index.html\u0027 for additional information.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:c1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:0536"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:c1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:c1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jose-go: improper handling of highly compressed data"
},
{
"cve": "CVE-2024-35255",
"discovery_date": "2024-07-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2295081"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Microsoft\u0027s Azure Identity Libraries and the Microsoft Authentication Library (MSAL). The flaw arises from a race condition\u2014a scenario where the timing of events leads to unexpected behavior\u2014during concurrent operations on shared resources. This can result in privilege escalation, allowing attackers to gain unauthorized access to sensitive information. The vulnerability affects multiple versions of these libraries across various programming languages, including Java, .NET, Node.js, Python, JavaScript, C++, and Go. Microsoft has addressed this issue by releasing updated versions of the affected libraries. Users are strongly advised to upgrade to these patched versions to mitigate potential security risks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:c1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-35255"
},
{
"category": "external",
"summary": "RHBZ#2295081",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295081"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-35255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35255"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-35255",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35255"
},
{
"category": "external",
"summary": "https://github.com/Azure/azure-sdk-for-go/commit/50774cd9709905523136fb05e8c85a50e8984499",
"url": "https://github.com/Azure/azure-sdk-for-go/commit/50774cd9709905523136fb05e8c85a50e8984499"
},
{
"category": "external",
"summary": "https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4806#issuecomment-2178960340",
"url": "https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4806#issuecomment-2178960340"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-m5vv-6r4h-3vj9",
"url": "https://github.com/advisories/GHSA-m5vv-6r4h-3vj9"
},
{
"category": "external",
"summary": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35255",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35255"
}
],
"release_date": "2024-07-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-21T16:57:37+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used when installing the cert-manager Operator for Red Hat OpenShift.\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a new version of the Operator. No further action is required to upgrade. This is the default setting.\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\nSee \u0027https://docs.openshift.com/container- platform/latest/security/cert_manager_operator/index.html\u0027 for additional information.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:c1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:0536"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:c1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity"
},
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux(RHEL) 8 \u0026 9 and Red Hat Openshift marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:c1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-21T16:57:37+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used when installing the cert-manager Operator for Red Hat OpenShift.\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a new version of the Operator. No further action is required to upgrade. This is the default setting.\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\nSee \u0027https://docs.openshift.com/container- platform/latest/security/cert_manager_operator/index.html\u0027 for additional information.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:c1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:0536"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:c1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:c1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:c1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-21T16:57:37+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used when installing the cert-manager Operator for Red Hat OpenShift.\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a new version of the Operator. No further action is required to upgrade. This is the default setting.\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\nSee \u0027https://docs.openshift.com/container- platform/latest/security/cert_manager_operator/index.html\u0027 for additional information.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:c1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:0536"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2e4eae54c75591d3dacd8165159397a63d6f695a1f733d12623652705ad40173_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4986a8ad37ed49652058e4acf30233649459f5e3c4b2bad9de5b9a4df6dfa531_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:49940e94193b06df5f5ff454aeb38a8b9a44e99b02d54600cb2442f81ff6dc25_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:c1f40166786adbd77027d0dc210e8fcd0320e9f2d3b9a3df6f6ab27a46c8ade1_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:30d0113003152532d29a845550a78454a1f88099e90b475711ab74901560c67e_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:68286a86b7926a3ec88dc375a59a95716d8d3addea06ee7f88005fcd244b05a6_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1da35635852cc7e5d73bde8bbec209e5b55cfae7c421817a2b4bc7e454900c0_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df96fa00709d2ff36b7b9d7977eb18aad4c3b3c93862e5babbfa76001353a3e8_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
}
]
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.