Lucene search

K
redhatRedHatRHSA-2023:7555
HistoryNov 28, 2023 - 5:50 p.m.

(RHSA-2023:7555) Important: OpenShift API for Data Protection (OADP) 1.3.0 security update

2023-11-2817:50:06
access.redhat.com
8
openshift
oadp
security update
backup
restore
persistent volumes
cve-2023-44487
cve-2023-39325
ddos
cve-2023-45142

9.8 High

AI Score

Confidence

High

0.732 High

EPSS

Percentile

98.1%

OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.

Security Fix(es):

  • golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)

  • HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

  • opentelemetry: DoS vulnerability in otelhttp (CVE-2023-45142)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.