RedHatRHSA-2023:5810(RHSA-2023:5810) Important: Red Hat Ansible Automation Platform 2.3 Product Security and Bug Fix Update
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
98.4%
Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.
Security Fix(es):
- receptor: golang: net/http, x/net/http2: rapid stream resets can cause excessive work [CVE-2023-44487] (CVE-2023-39325)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional changes: * receptor has been updated to 1.4.2
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 9 | noarch | receptorctl | < 1.4.2-1.el9ap | receptorctl-1.4.2-1.el9ap.noarch.rpm |
| RedHat | 9 | x86_64 | receptor | < 1.4.2-1.el9ap | receptor-1.4.2-1.el9ap.x86_64.rpm |
| RedHat | 8 | x86_64 | receptor | < 1.4.2-1.el8ap | receptor-1.4.2-1.el8ap.x86_64.rpm |
| RedHat | 8 | noarch | receptorctl | < 1.4.2-1.el8ap | receptorctl-1.4.2-1.el8ap.noarch.rpm |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
98.4%