Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2024:3314
HistoryMay 23, 2024 - 6:19 a.m.

(RHSA-2024:3314) Important: OpenShift Virtualization 4.15.2 Images security update

2024-05-2306:19:39
access.redhat.com
8
openshift virtualization
security fix
golang
follow-redirects
axios
cve-2023-45288
cve-2023-26159
cve-2023-45857
cvss score
references section
red hat's virtualization solution
improper input validation
exposure of confidential data stored in cookies

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

JSON

OpenShift Virtualization is Red Hat’s virtualization solution designed for Red Hat OpenShift Container Platform.

This advisory contains OpenShift Virtualization 4.15.2 images.

Security Fix(es):

  • golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)

  • follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() (CVE-2023-26159)

  • axios: exposure of confidential data stored in cookies (CVE-2023-45857)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

ibm 33
githubexploit 3
osv 114
cgr 2
ubuntucve 3
debiancve 2
vulnrichment 1
wolfi 2
nvd 3
redhatcve 2
github 2
prion 2
veracode 2
cvelist 2
cve 2
nessus 5
cbl_mariner 9
openvas 3
fedora 1
redhat 5
freebsd 1
ibm
ibm
Security Bulletin: IBM Storage Fusion HCI is vulnerable to phishing attacks and cross-site request forgery due to follow-redirects and Axios.
2024-05-11 16:54:49
Security Bulletin: Multiple vulnerabilities in nodejs packages affect IBM Business Automation Workflow - CVE-2023-26159, CVE-2023-45857
2024-02-02 10:47:59
Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
2024-04-09 18:54:46
githubexploit
githubexploit
Exploit for Cross-Site Request Forgery (CSRF) in Axios
2023-10-26 04:18:03
Exploit for Cross-Site Request Forgery (CSRF) in Axios
2023-11-24 22:42:56
Exploit for CVE-2023-45857
2023-10-18 12:19:34
osv
osv
Axios Cross-Site Request Forgery Vulnerability
2023-11-08 21:30:37
CGA-vgwv-2q7q-27h5
2024-06-06 12:26:26
CVE-2023-45857
2023-11-08 21:15:08
cgr
cgr
CVE-2023-45857 vulnerabilities
2024-05-19 03:07:16
CVE-2023-26159 vulnerabilities
2024-05-19 03:07:16
ubuntucve
ubuntucve
CVE-2023-45857
2023-11-08 00:00:00
CVE-2023-26159
2024-01-02 00:00:00
CVE-2023-45288
2024-03-27 00:00:00
debiancve
debiancve
CVE-2023-45857
2023-11-08 21:15:08
CVE-2023-26159
2024-01-02 05:15:08
vulnrichment
vulnrichment
CVE-2023-45857
2023-11-08 00:00:00
wolfi
wolfi
CVE-2023-45857 vulnerabilities
2024-09-16 09:11:42
CVE-2023-26159 vulnerabilities
2024-09-16 09:11:41
nvd
nvd
CVE-2023-45857
2023-11-08 21:15:08
CVE-2023-26159
2024-01-02 05:15:08
CVE-2023-45288
2024-04-04 21:15:16
redhatcve
redhatcve
CVE-2023-45857
2023-11-10 00:17:17
CVE-2023-26159
2024-01-02 07:30:34
github
github
Axios Cross-Site Request Forgery Vulnerability
2023-11-08 21:30:37
Follow Redirects improperly handles URLs in the url.parse() function
2024-01-02 06:30:30
prion
prion
Design/Logic Flaw
2023-11-08 21:15:00
Input validation
2024-01-02 05:15:00
veracode
veracode
Cross-Site Request Forgery
2023-11-09 07:07:08
Open Redirect
2024-01-03 10:31:20
cvelist
cvelist
CVE-2023-45857
2023-11-08 00:00:00
CVE-2023-26159
2024-01-02 05:00:00
cve
cve
CVE-2023-45857
2023-11-08 21:15:08
CVE-2023-26159
2024-01-02 05:15:08
nessus
nessus
RHEL 6 : follow-redirects (Unpatched Vulnerability)
2024-05-11 00:00:00
CBL Mariner 2.0 Security Update: python-tensorboard / reaper (CVE-2023-26159)
2024-01-22 00:00:00
RHEL 6 : follow-redirects (Unpatched Vulnerability)
2024-06-03 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-26159 affecting package reaper for versions less than 3.1.1-8
2024-01-19 03:44:08
CVE-2023-26159 affecting package python-tensorboard for versions less than 2.16.2-1
2024-05-17 21:38:35
CVE-2023-45288 affecting package cri-o for versions less than 1.30.1-1
2024-06-21 09:32:44
openvas
openvas
Fedora: Security Advisory (FEDORA-2024-9818cb2406)
2024-01-23 00:00:00
openSUSE: Security Advisory for go1.22 (SUSE-SU-2024:1121-1)
2024-04-09 00:00:00
Mageia: Security Advisory (MGASA-2024-0128)
2024-04-15 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: pgadmin4-7.8-3.fc39
2024-01-23 00:58:56
redhat
redhat
(RHSA-2024:1963) Important: golang security update
2024-04-23 00:09:01
(RHSA-2024:2079) Important: git-lfs security update
2024-04-29 01:07:40
(RHSA-2024:4933) Important: git-lfs security update
2024-07-31 09:56:51
freebsd
freebsd
forgejo -- HTTP/2 CONTINUATION flood in net/http
2024-04-04 00:00:00

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

JSON
Related for RHSA-2024:3314
ibm33githubexploit3osv114cgr2ubuntucve3debiancve2vulnrichment1wolfi2nvd3redhatcve2github2prion2veracode2cvelist2cve2nessus5cbl_mariner9openvas3fedora1redhat5freebsd1