rhsa-2025_3052
Vulnerability from csaf_redhat
Published: 2025-03-20 04:53
Modified: 2025-03-27 14:06
Summary: Red Hat Security Advisory: Gatekeeper v3.18.0

Notes

Topic
Gatekeeper v3.18.0
Details
Gatekeeper v3.18.0

Gatekeeper is a validating webhook with auditing capabilities that can enforce custom resource definition-based policies that are run with the Open Policy Agent (OPA). Gatekeeper is supported through a Red Hat Advanced Cluster Management for Kubernetes subscription.

Starting in v3.17, users can specify a `containerArguments` list of names and values for both the audit and webhook configurations to be passed to the respective deployment. These will be ignored if the argument has already been set by the operator or specifies an argument listed in the deny list.

Starting in v3.15, the following namespaces are exempt from admission control:

* kube-*
* multicluster-engine
* hypershift
* hive
* rhacs-operator
* open-cluster-*
* openshift-*

To disable the default exempt namespaces, set the namespaces you want on the object.

Security fix(es):

* golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (CVE-2025-22869)

Additional Release Notes:

* v3.18.0 https://github.com/open-policy-agent/gatekeeper/releases/tag/v3.18.0
* v3.18.1 https://github.com/open-policy-agent/gatekeeper/releases/tag/v3.18.1
* v3.18.2 https://github.com/open-policy-agent/gatekeeper/releases/tag/v3.18.2
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Gatekeeper v3.18.0",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Gatekeeper v3.18.0\n\nGatekeeper is a validating webhook with auditing capabilities that can\nenforce custom resource definition-based policies that are run with the\nOpen Policy Agent (OPA). Gatekeeper is supported through a Red Hat Advanced\nCluster Management for Kubernetes subscription.\n\nStarting in v3.17, users can specify a `containerArguments` list of names\nand values for both the audit and webhook configurations to be passed to\nthe respective deployment. These will be ignored if the argument has\nalready been set by the operator or specifies an argument listed in the\ndeny list.\n\nStarting in v3.15, the following namespaces are exempt from admission\ncontrol:\n\n* kube-*\n* multicluster-engine\n* hypershift\n* hive\n* rhacs-operator\n* open-cluster-*\n* openshift-*\n\nTo disable the default exempt namespaces, set the namespaces you want on\nthe object.\n\nSecurity fix(es):\n\n* golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of\ngolang.org/x/crypto/ssh (CVE-2025-22869)\n\nAdditional Release Notes:\n\n* v3.18.0 https://github.com/open-policy-agent/gatekeeper/releases/tag/v3.18.0\n* v3.18.1 https://github.com/open-policy-agent/gatekeeper/releases/tag/v3.18.1\n* v3.18.2 https://github.com/open-policy-agent/gatekeeper/releases/tag/v3.18.2",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:3052",
        "url": "https://access.redhat.com/errata/RHSA-2025:3052"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://github.com/open-policy-agent/gatekeeper/releases/tag/v3.18.0",
        "url": "https://github.com/open-policy-agent/gatekeeper/releases/tag/v3.18.0"
      },
      {
        "category": "external",
        "summary": "https://github.com/open-policy-agent/gatekeeper/releases/tag/v3.18.1",
        "url": "https://github.com/open-policy-agent/gatekeeper/releases/tag/v3.18.1"
      },
      {
        "category": "external",
        "summary": "https://github.com/open-policy-agent/gatekeeper/releases/tag/v3.18.2",
        "url": "https://github.com/open-policy-agent/gatekeeper/releases/tag/v3.18.2"
      },
      {
        "category": "external",
        "summary": "2348367",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367"
      },
      {
        "category": "external",
        "summary": "ACM-15684",
        "url": "https://issues.redhat.com/browse/ACM-15684"
      },
      {
        "category": "external",
        "summary": "ACM-15900",
        "url": "https://issues.redhat.com/browse/ACM-15900"
      },
      {
        "category": "external",
        "summary": "HYPBLD-604",
        "url": "https://issues.redhat.com/browse/HYPBLD-604"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3052.json"
      }
    ],
    "title": "Red Hat Security Advisory: Gatekeeper v3.18.0",
    "tracking": {
      "current_release_date": "2025-03-27T14:06:12+00:00",
      "generator": {
        "date": "2025-03-27T14:06:12+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.4.2"
        }
      },
      "id": "RHSA-2025:3052",
      "initial_release_date": "2025-03-20T04:53:19+00:00",
      "revision_history": [
        {
          "date": "2025-03-20T04:53:19+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-03-20T04:53:19+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-03-27T14:06:12+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "gatekeeper 3.18 for RHEL 9",
                "product": {
                  "name": "gatekeeper 3.18 for RHEL 9",
                  "product_id": "9Base-gatekeeper-3.18",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:gatekeeper:3.18::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "gatekeeper"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gatekeeper/gatekeeper-rhel9@sha256:45bcf3b833728e05623384d1f3b0f52154bfc3559cebd1dd5aba9d661300fdac_ppc64le",
                "product": {
                  "name": "gatekeeper/gatekeeper-rhel9@sha256:45bcf3b833728e05623384d1f3b0f52154bfc3559cebd1dd5aba9d661300fdac_ppc64le",
                  "product_id": "gatekeeper/gatekeeper-rhel9@sha256:45bcf3b833728e05623384d1f3b0f52154bfc3559cebd1dd5aba9d661300fdac_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gatekeeper-rhel9@sha256:45bcf3b833728e05623384d1f3b0f52154bfc3559cebd1dd5aba9d661300fdac?arch=ppc64le\u0026repository_url=registry.redhat.io/gatekeeper/gatekeeper-rhel9\u0026tag=v3.18.2-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gatekeeper/gatekeeper-rhel9-operator@sha256:794bf4aa5aac506b904429d2d50c67e5c4fe463900832d75fa55de4a351c99c5_ppc64le",
                "product": {
                  "name": "gatekeeper/gatekeeper-rhel9-operator@sha256:794bf4aa5aac506b904429d2d50c67e5c4fe463900832d75fa55de4a351c99c5_ppc64le",
                  "product_id": "gatekeeper/gatekeeper-rhel9-operator@sha256:794bf4aa5aac506b904429d2d50c67e5c4fe463900832d75fa55de4a351c99c5_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gatekeeper-rhel9-operator@sha256:794bf4aa5aac506b904429d2d50c67e5c4fe463900832d75fa55de4a351c99c5?arch=ppc64le\u0026repository_url=registry.redhat.io/gatekeeper/gatekeeper-rhel9-operator\u0026tag=v3.18.0-1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gatekeeper/gatekeeper-rhel9@sha256:16957d2ff81db1424814446563f0bdb1c15a742dd7d2e1f6ba7cf9e0a76443c0_amd64",
                "product": {
                  "name": "gatekeeper/gatekeeper-rhel9@sha256:16957d2ff81db1424814446563f0bdb1c15a742dd7d2e1f6ba7cf9e0a76443c0_amd64",
                  "product_id": "gatekeeper/gatekeeper-rhel9@sha256:16957d2ff81db1424814446563f0bdb1c15a742dd7d2e1f6ba7cf9e0a76443c0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gatekeeper-rhel9@sha256:16957d2ff81db1424814446563f0bdb1c15a742dd7d2e1f6ba7cf9e0a76443c0?arch=amd64\u0026repository_url=registry.redhat.io/gatekeeper/gatekeeper-rhel9\u0026tag=v3.18.2-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gatekeeper/gatekeeper-operator-bundle@sha256:f1178734e784fa1e6078059ba898e975183ff1cb8feeaaa1fa041ca53f64116e_amd64",
                "product": {
                  "name": "gatekeeper/gatekeeper-operator-bundle@sha256:f1178734e784fa1e6078059ba898e975183ff1cb8feeaaa1fa041ca53f64116e_amd64",
                  "product_id": "gatekeeper/gatekeeper-operator-bundle@sha256:f1178734e784fa1e6078059ba898e975183ff1cb8feeaaa1fa041ca53f64116e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gatekeeper-operator-bundle@sha256:f1178734e784fa1e6078059ba898e975183ff1cb8feeaaa1fa041ca53f64116e?arch=amd64\u0026repository_url=registry.redhat.io/gatekeeper/gatekeeper-operator-bundle\u0026tag=v3.18.0-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gatekeeper/gatekeeper-rhel9-operator@sha256:8dfdb522aa72d2580d859c4585271edfc6a994c99848c6773a863b3087cdeabc_amd64",
                "product": {
                  "name": "gatekeeper/gatekeeper-rhel9-operator@sha256:8dfdb522aa72d2580d859c4585271edfc6a994c99848c6773a863b3087cdeabc_amd64",
                  "product_id": "gatekeeper/gatekeeper-rhel9-operator@sha256:8dfdb522aa72d2580d859c4585271edfc6a994c99848c6773a863b3087cdeabc_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gatekeeper-rhel9-operator@sha256:8dfdb522aa72d2580d859c4585271edfc6a994c99848c6773a863b3087cdeabc?arch=amd64\u0026repository_url=registry.redhat.io/gatekeeper/gatekeeper-rhel9-operator\u0026tag=v3.18.0-1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gatekeeper/gatekeeper-rhel9@sha256:b23f87527b65e0bb8f67434313ab511b1f332e217132073d922e9f3e76de4e9a_s390x",
                "product": {
                  "name": "gatekeeper/gatekeeper-rhel9@sha256:b23f87527b65e0bb8f67434313ab511b1f332e217132073d922e9f3e76de4e9a_s390x",
                  "product_id": "gatekeeper/gatekeeper-rhel9@sha256:b23f87527b65e0bb8f67434313ab511b1f332e217132073d922e9f3e76de4e9a_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gatekeeper-rhel9@sha256:b23f87527b65e0bb8f67434313ab511b1f332e217132073d922e9f3e76de4e9a?arch=s390x\u0026repository_url=registry.redhat.io/gatekeeper/gatekeeper-rhel9\u0026tag=v3.18.2-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gatekeeper/gatekeeper-rhel9-operator@sha256:7f57af9f43c55a60ebcf9e04885257edfe6db8dbb81d4ade4bf0829eeba83ceb_s390x",
                "product": {
                  "name": "gatekeeper/gatekeeper-rhel9-operator@sha256:7f57af9f43c55a60ebcf9e04885257edfe6db8dbb81d4ade4bf0829eeba83ceb_s390x",
                  "product_id": "gatekeeper/gatekeeper-rhel9-operator@sha256:7f57af9f43c55a60ebcf9e04885257edfe6db8dbb81d4ade4bf0829eeba83ceb_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gatekeeper-rhel9-operator@sha256:7f57af9f43c55a60ebcf9e04885257edfe6db8dbb81d4ade4bf0829eeba83ceb?arch=s390x\u0026repository_url=registry.redhat.io/gatekeeper/gatekeeper-rhel9-operator\u0026tag=v3.18.0-1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gatekeeper/gatekeeper-rhel9@sha256:1e457dbe472133533a98d21d77572f38175a3e604c401ea432509bd159133d50_arm64",
                "product": {
                  "name": "gatekeeper/gatekeeper-rhel9@sha256:1e457dbe472133533a98d21d77572f38175a3e604c401ea432509bd159133d50_arm64",
                  "product_id": "gatekeeper/gatekeeper-rhel9@sha256:1e457dbe472133533a98d21d77572f38175a3e604c401ea432509bd159133d50_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gatekeeper-rhel9@sha256:1e457dbe472133533a98d21d77572f38175a3e604c401ea432509bd159133d50?arch=arm64\u0026repository_url=registry.redhat.io/gatekeeper/gatekeeper-rhel9\u0026tag=v3.18.2-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gatekeeper/gatekeeper-rhel9-operator@sha256:add7447f0331cbaf61ec602dc8ad5b29f3e7731ccea19fc57e24cc4b4c9b7be4_arm64",
                "product": {
                  "name": "gatekeeper/gatekeeper-rhel9-operator@sha256:add7447f0331cbaf61ec602dc8ad5b29f3e7731ccea19fc57e24cc4b4c9b7be4_arm64",
                  "product_id": "gatekeeper/gatekeeper-rhel9-operator@sha256:add7447f0331cbaf61ec602dc8ad5b29f3e7731ccea19fc57e24cc4b4c9b7be4_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gatekeeper-rhel9-operator@sha256:add7447f0331cbaf61ec602dc8ad5b29f3e7731ccea19fc57e24cc4b4c9b7be4?arch=arm64\u0026repository_url=registry.redhat.io/gatekeeper/gatekeeper-rhel9-operator\u0026tag=v3.18.0-1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gatekeeper/gatekeeper-operator-bundle@sha256:f1178734e784fa1e6078059ba898e975183ff1cb8feeaaa1fa041ca53f64116e_amd64 as a component of gatekeeper 3.18 for RHEL 9",
          "product_id": "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-operator-bundle@sha256:f1178734e784fa1e6078059ba898e975183ff1cb8feeaaa1fa041ca53f64116e_amd64"
        },
        "product_reference": "gatekeeper/gatekeeper-operator-bundle@sha256:f1178734e784fa1e6078059ba898e975183ff1cb8feeaaa1fa041ca53f64116e_amd64",
        "relates_to_product_reference": "9Base-gatekeeper-3.18"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gatekeeper/gatekeeper-rhel9-operator@sha256:794bf4aa5aac506b904429d2d50c67e5c4fe463900832d75fa55de4a351c99c5_ppc64le as a component of gatekeeper 3.18 for RHEL 9",
          "product_id": "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9-operator@sha256:794bf4aa5aac506b904429d2d50c67e5c4fe463900832d75fa55de4a351c99c5_ppc64le"
        },
        "product_reference": "gatekeeper/gatekeeper-rhel9-operator@sha256:794bf4aa5aac506b904429d2d50c67e5c4fe463900832d75fa55de4a351c99c5_ppc64le",
        "relates_to_product_reference": "9Base-gatekeeper-3.18"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gatekeeper/gatekeeper-rhel9-operator@sha256:7f57af9f43c55a60ebcf9e04885257edfe6db8dbb81d4ade4bf0829eeba83ceb_s390x as a component of gatekeeper 3.18 for RHEL 9",
          "product_id": "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9-operator@sha256:7f57af9f43c55a60ebcf9e04885257edfe6db8dbb81d4ade4bf0829eeba83ceb_s390x"
        },
        "product_reference": "gatekeeper/gatekeeper-rhel9-operator@sha256:7f57af9f43c55a60ebcf9e04885257edfe6db8dbb81d4ade4bf0829eeba83ceb_s390x",
        "relates_to_product_reference": "9Base-gatekeeper-3.18"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gatekeeper/gatekeeper-rhel9-operator@sha256:8dfdb522aa72d2580d859c4585271edfc6a994c99848c6773a863b3087cdeabc_amd64 as a component of gatekeeper 3.18 for RHEL 9",
          "product_id": "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9-operator@sha256:8dfdb522aa72d2580d859c4585271edfc6a994c99848c6773a863b3087cdeabc_amd64"
        },
        "product_reference": "gatekeeper/gatekeeper-rhel9-operator@sha256:8dfdb522aa72d2580d859c4585271edfc6a994c99848c6773a863b3087cdeabc_amd64",
        "relates_to_product_reference": "9Base-gatekeeper-3.18"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gatekeeper/gatekeeper-rhel9-operator@sha256:add7447f0331cbaf61ec602dc8ad5b29f3e7731ccea19fc57e24cc4b4c9b7be4_arm64 as a component of gatekeeper 3.18 for RHEL 9",
          "product_id": "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9-operator@sha256:add7447f0331cbaf61ec602dc8ad5b29f3e7731ccea19fc57e24cc4b4c9b7be4_arm64"
        },
        "product_reference": "gatekeeper/gatekeeper-rhel9-operator@sha256:add7447f0331cbaf61ec602dc8ad5b29f3e7731ccea19fc57e24cc4b4c9b7be4_arm64",
        "relates_to_product_reference": "9Base-gatekeeper-3.18"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gatekeeper/gatekeeper-rhel9@sha256:16957d2ff81db1424814446563f0bdb1c15a742dd7d2e1f6ba7cf9e0a76443c0_amd64 as a component of gatekeeper 3.18 for RHEL 9",
          "product_id": "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9@sha256:16957d2ff81db1424814446563f0bdb1c15a742dd7d2e1f6ba7cf9e0a76443c0_amd64"
        },
        "product_reference": "gatekeeper/gatekeeper-rhel9@sha256:16957d2ff81db1424814446563f0bdb1c15a742dd7d2e1f6ba7cf9e0a76443c0_amd64",
        "relates_to_product_reference": "9Base-gatekeeper-3.18"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gatekeeper/gatekeeper-rhel9@sha256:1e457dbe472133533a98d21d77572f38175a3e604c401ea432509bd159133d50_arm64 as a component of gatekeeper 3.18 for RHEL 9",
          "product_id": "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9@sha256:1e457dbe472133533a98d21d77572f38175a3e604c401ea432509bd159133d50_arm64"
        },
        "product_reference": "gatekeeper/gatekeeper-rhel9@sha256:1e457dbe472133533a98d21d77572f38175a3e604c401ea432509bd159133d50_arm64",
        "relates_to_product_reference": "9Base-gatekeeper-3.18"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gatekeeper/gatekeeper-rhel9@sha256:45bcf3b833728e05623384d1f3b0f52154bfc3559cebd1dd5aba9d661300fdac_ppc64le as a component of gatekeeper 3.18 for RHEL 9",
          "product_id": "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9@sha256:45bcf3b833728e05623384d1f3b0f52154bfc3559cebd1dd5aba9d661300fdac_ppc64le"
        },
        "product_reference": "gatekeeper/gatekeeper-rhel9@sha256:45bcf3b833728e05623384d1f3b0f52154bfc3559cebd1dd5aba9d661300fdac_ppc64le",
        "relates_to_product_reference": "9Base-gatekeeper-3.18"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gatekeeper/gatekeeper-rhel9@sha256:b23f87527b65e0bb8f67434313ab511b1f332e217132073d922e9f3e76de4e9a_s390x as a component of gatekeeper 3.18 for RHEL 9",
          "product_id": "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9@sha256:b23f87527b65e0bb8f67434313ab511b1f332e217132073d922e9f3e76de4e9a_s390x"
        },
        "product_reference": "gatekeeper/gatekeeper-rhel9@sha256:b23f87527b65e0bb8f67434313ab511b1f332e217132073d922e9f3e76de4e9a_s390x",
        "relates_to_product_reference": "9Base-gatekeeper-3.18"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-22869",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-02-26T04:00:47.683125+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2348367"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "While this flaw affects both SSH clients and servers implemented with golang.org/x/crypto/ssh, realistically the flaw will only lead to a DoS when transferring large files, greatly reducing the likelihood of exploitation.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-operator-bundle@sha256:f1178734e784fa1e6078059ba898e975183ff1cb8feeaaa1fa041ca53f64116e_amd64",
          "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9-operator@sha256:794bf4aa5aac506b904429d2d50c67e5c4fe463900832d75fa55de4a351c99c5_ppc64le",
          "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9-operator@sha256:7f57af9f43c55a60ebcf9e04885257edfe6db8dbb81d4ade4bf0829eeba83ceb_s390x",
          "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9-operator@sha256:8dfdb522aa72d2580d859c4585271edfc6a994c99848c6773a863b3087cdeabc_amd64",
          "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9-operator@sha256:add7447f0331cbaf61ec602dc8ad5b29f3e7731ccea19fc57e24cc4b4c9b7be4_arm64",
          "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9@sha256:16957d2ff81db1424814446563f0bdb1c15a742dd7d2e1f6ba7cf9e0a76443c0_amd64",
          "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9@sha256:1e457dbe472133533a98d21d77572f38175a3e604c401ea432509bd159133d50_arm64",
          "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9@sha256:45bcf3b833728e05623384d1f3b0f52154bfc3559cebd1dd5aba9d661300fdac_ppc64le",
          "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9@sha256:b23f87527b65e0bb8f67434313ab511b1f332e217132073d922e9f3e76de4e9a_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-22869"
        },
        {
          "category": "external",
          "summary": "RHBZ#2348367",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-22869",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/652135",
          "url": "https://go.dev/cl/652135"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/71931",
          "url": "https://go.dev/issue/71931"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-3487",
          "url": "https://pkg.go.dev/vuln/GO-2025-3487"
        }
      ],
      "release_date": "2025-02-26T03:07:48.855000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-03-20T04:53:19+00:00",
          "details": "For more information, see the following resources:\n\n* See the Gatekeeper\ndocumentation: https://open-policy-agent.github.io/gatekeeper/website/docs/.\n\n* For support and troubleshooting, Gatekeeper is supported through a Red Hat Advanced Cluster Management for\nKubernetes subscription:\nhttps://access.redhat.com/products/red-hat-advanced-cluster-management-for-kubernetes.\n\n* The Open Policy Agent Gatekeeper community collaborates on Slack. Join the \n#opa-gatekeeper channel: https://openpolicyagent.slack.com/archives/CDTN970AX.\n\n* Open issues on the Gatekeeper GitHub repository: https://github.com/open-policy-agent/gatekeeper/issues.\n\n* See the installation and upgrade documentation: https://open-policy-agent.github.io/gatekeeper/website/docs/install.",
          "product_ids": [
            "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-operator-bundle@sha256:f1178734e784fa1e6078059ba898e975183ff1cb8feeaaa1fa041ca53f64116e_amd64",
            "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9-operator@sha256:794bf4aa5aac506b904429d2d50c67e5c4fe463900832d75fa55de4a351c99c5_ppc64le",
            "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9-operator@sha256:7f57af9f43c55a60ebcf9e04885257edfe6db8dbb81d4ade4bf0829eeba83ceb_s390x",
            "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9-operator@sha256:8dfdb522aa72d2580d859c4585271edfc6a994c99848c6773a863b3087cdeabc_amd64",
            "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9-operator@sha256:add7447f0331cbaf61ec602dc8ad5b29f3e7731ccea19fc57e24cc4b4c9b7be4_arm64",
            "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9@sha256:16957d2ff81db1424814446563f0bdb1c15a742dd7d2e1f6ba7cf9e0a76443c0_amd64",
            "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9@sha256:1e457dbe472133533a98d21d77572f38175a3e604c401ea432509bd159133d50_arm64",
            "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9@sha256:45bcf3b833728e05623384d1f3b0f52154bfc3559cebd1dd5aba9d661300fdac_ppc64le",
            "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9@sha256:b23f87527b65e0bb8f67434313ab511b1f332e217132073d922e9f3e76de4e9a_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:3052"
        },
        {
          "category": "workaround",
          "details": "This flaw can be mitigated when using the client only connecting to trusted servers.",
          "product_ids": [
            "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-operator-bundle@sha256:f1178734e784fa1e6078059ba898e975183ff1cb8feeaaa1fa041ca53f64116e_amd64",
            "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9-operator@sha256:794bf4aa5aac506b904429d2d50c67e5c4fe463900832d75fa55de4a351c99c5_ppc64le",
            "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9-operator@sha256:7f57af9f43c55a60ebcf9e04885257edfe6db8dbb81d4ade4bf0829eeba83ceb_s390x",
            "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9-operator@sha256:8dfdb522aa72d2580d859c4585271edfc6a994c99848c6773a863b3087cdeabc_amd64",
            "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9-operator@sha256:add7447f0331cbaf61ec602dc8ad5b29f3e7731ccea19fc57e24cc4b4c9b7be4_arm64",
            "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9@sha256:16957d2ff81db1424814446563f0bdb1c15a742dd7d2e1f6ba7cf9e0a76443c0_amd64",
            "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9@sha256:1e457dbe472133533a98d21d77572f38175a3e604c401ea432509bd159133d50_arm64",
            "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9@sha256:45bcf3b833728e05623384d1f3b0f52154bfc3559cebd1dd5aba9d661300fdac_ppc64le",
            "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9@sha256:b23f87527b65e0bb8f67434313ab511b1f332e217132073d922e9f3e76de4e9a_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-operator-bundle@sha256:f1178734e784fa1e6078059ba898e975183ff1cb8feeaaa1fa041ca53f64116e_amd64",
            "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9-operator@sha256:794bf4aa5aac506b904429d2d50c67e5c4fe463900832d75fa55de4a351c99c5_ppc64le",
            "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9-operator@sha256:7f57af9f43c55a60ebcf9e04885257edfe6db8dbb81d4ade4bf0829eeba83ceb_s390x",
            "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9-operator@sha256:8dfdb522aa72d2580d859c4585271edfc6a994c99848c6773a863b3087cdeabc_amd64",
            "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9-operator@sha256:add7447f0331cbaf61ec602dc8ad5b29f3e7731ccea19fc57e24cc4b4c9b7be4_arm64",
            "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9@sha256:16957d2ff81db1424814446563f0bdb1c15a742dd7d2e1f6ba7cf9e0a76443c0_amd64",
            "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9@sha256:1e457dbe472133533a98d21d77572f38175a3e604c401ea432509bd159133d50_arm64",
            "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9@sha256:45bcf3b833728e05623384d1f3b0f52154bfc3559cebd1dd5aba9d661300fdac_ppc64le",
            "9Base-gatekeeper-3.18:gatekeeper/gatekeeper-rhel9@sha256:b23f87527b65e0bb8f67434313ab511b1f332e217132073d922e9f3e76de4e9a_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
    }
  ]
}

