Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2024:3801
HistoryJun 11, 2024 - 2:50 p.m.

(RHSA-2024:3801) Moderate: OpenShift Container Platform 4.12.58 CNF vRAN extras security update

2024-06-1114:50:24
access.redhat.com
6
red hat
openshift
kubernetes
security update
low-latency
on-premise
private cloud
cve-2023-30841
upgrade
container images

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.6

Confidence

Low

EPSS

0.008

Percentile

81.8%

JSON

Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the extra low-latency container images for Red Hat OpenShift Container Platform 4.12. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2024:3349

Thos release includes a security update for topology-aware-lifecycle-manager-operator-container: baremetal-operator: plain-text username and hashed password readable by anyone having a cluster-wide read-access (CVE-2023-30841).

All OpenShift Container Platform users are advised to upgrade to these updated packages and images.

Related

nessus 67
redhat 16
osv 14
almalinux 4
rocky 3
oraclelinux 5
openvas 36
amazon 1
mageia 2
ibm 2
cloudfoundry 2
debian 3
redos 2
ubuntu 2
photon 3
slackware 1
fedora 4
prion 3
redhatcve 4
cve 4
github 1
veracode 2
cvelist 3
nvd 3
ubuntucve 2
cbl_mariner 4
debiancve 2
vulnrichment 2
suse 2
nessus
nessus
CentOS 8 : curl (CESA-2024:1601)
2024-04-02 00:00:00
Rocky Linux 8 : curl (RLSA-2024:1601)
2024-04-05 00:00:00
RHEL 8 : curl (RHSA-2024:1601)
2024-04-02 00:00:00
redhat
redhat
(RHSA-2024:2092) Moderate: security update Logging for Red Hat OpenShift - 5.6.18
2024-05-01 16:40:08
(RHSA-2024:1865) Low: Red Hat Single Sign-On 7.6.8 Operator enhancement and security update
2024-04-16 19:49:38
(RHSA-2024:1601) Moderate: curl security and bug fix update
2024-04-02 14:56:52
osv
osv
Moderate: curl security and bug fix update
2024-04-02 00:00:00
Moderate: curl security and bug fix update
2024-04-05 14:55:53
Low: krb5 security update
2024-05-22 00:00:00
almalinux
almalinux
Moderate: curl security and bug fix update
2024-04-02 00:00:00
Low: krb5 security update
2024-05-22 00:00:00
Low: libssh security update
2024-05-22 00:00:00
rocky
rocky
curl security and bug fix update
2024-04-05 14:55:53
krb5 security update
2024-06-14 13:59:16
libssh security update
2024-06-14 13:59:16
oraclelinux
oraclelinux
curl security and bug fix update
2024-04-03 00:00:00
krb5 security update
2024-05-29 00:00:00
libssh security update
2024-05-02 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:1148-1)
2024-05-07 00:00:00
Mageia: Security Advisory (MGASA-2024-0158)
2024-05-01 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0999-1)
2024-05-07 00:00:00
amazon
amazon
Medium: krb5
2024-04-11 01:07:00
mageia
mageia
Updated krb5 packages fix security vulnerabilities
2024-05-01 01:25:14
Updated libssh packages fix security vulnerabilities
2023-12-29 20:16:34
ibm
ibm
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to libssh, Linux-pam ,Kerberos 5, systemd and idna packages/liberaries.
2024-06-17 11:59:28
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
2024-04-23 14:11:37
cloudfoundry
cloudfoundry
USN-6592-1: libssh vulnerabilities | Cloud Foundry
2024-02-29 00:00:00
USN-5672-1: GMP vulnerability | Cloud Foundry
2022-12-07 00:00:00
debian
debian
[SECURITY] [DLA 3692-1] curl security update
2023-12-22 14:27:56
[SECURITY] [DSA 5591-1] libssh security update
2023-12-28 14:27:16
[SECURITY] [DLA 2837-1] gmp security update
2021-12-02 19:53:16
redos
redos
ROS-20240328-06
2024-03-28 00:00:00
ROS-20240423-03
2024-04-23 00:00:00
ubuntu
ubuntu
libssh vulnerabilities
2024-02-05 00:00:00
libssh vulnerabilities
2024-01-22 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2024-3.0-0764
2024-06-05 00:00:00
Moderate Photon OS Security Update - PHSA-2024-4.0-0624
2024-06-05 00:00:00
Moderate Photon OS Security Update - PHSA-2024-5.0-0284
2024-06-05 00:00:00
slackware
slackware
[slackware-security] libssh
2023-12-19 21:31:02
fedora
fedora
[SECURITY] Fedora 39 Update: libssh-0.10.6-1.fc39
2023-12-22 02:44:21
[SECURITY] Fedora 38 Update: libssh-0.10.6-2.fc38
2024-01-10 01:52:52
[SECURITY] Fedora 40 Update: krb5-1.21.3-1.fc40
2024-07-13 02:46:57
prion
prion
Default credentials
2023-04-26 19:15:00
Memory corruption
2024-02-29 01:44:00
Memory corruption
2024-02-29 01:44:00
redhatcve
redhatcve
CVE-2023-30841
2023-04-27 08:51:19
CVE-2024-26461
2024-02-28 21:39:40
CVE-2024-26458
2024-02-28 21:39:33
cve
cve
CVE-2023-30841
2023-04-26 19:15:09
CVE-2024-26461
2024-02-29 01:44:18
CVE-2024-26458
2024-02-29 01:44:18
github
github
Ironic and ironic-inspector may expose as ConfigMaps
2023-04-26 19:46:00
veracode
veracode
Improper Authorization
2023-05-08 13:20:56
Denial Of Service (DoS)
2022-01-29 22:06:18
cvelist
cvelist
CVE-2023-30841 Ironic and ironic-inspector deployed within Baremetal Operator may expose as ConfigMaps
2023-04-26 18:24:04
CVE-2024-26458
2024-02-26 00:00:00
CVE-2024-26461
2024-02-26 00:00:00
nvd
nvd
CVE-2023-30841
2023-04-26 19:15:09
CVE-2024-26461
2024-02-29 01:44:18
CVE-2024-26458
2024-02-29 01:44:18
ubuntucve
ubuntucve
CVE-2024-26461
2024-02-29 00:00:00
CVE-2024-26458
2024-02-29 00:00:00
cbl_mariner
cbl_mariner
CVE-2024-26461 affecting package krb5 for versions less than 1.21.3-1
2024-08-14 20:43:58
CVE-2024-26458 affecting package krb5 for versions less than 1.21.3-2
2024-09-06 19:16:47
CVE-2024-26461 affecting package krb5 for versions less than 1.21.3-1
2024-08-05 03:22:58
debiancve
debiancve
CVE-2024-26461
2024-02-29 01:44:18
CVE-2024-26458
2024-02-29 01:44:18
vulnrichment
vulnrichment
CVE-2024-26458
2024-02-26 00:00:00
CVE-2024-26461
2024-02-26 00:00:00
suse
suse
Security update for gmp (moderate)
2021-12-10 00:00:00
Security update for gmp (moderate)
2021-12-06 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.6

Confidence

Low

EPSS

0.008

Percentile

81.8%

JSON
Related for RHSA-2024:3801
nessus67redhat16osv14almalinux4rocky3oraclelinux5openvas36amazon1mageia2ibm2cloudfoundry2debian3redos2ubuntu2photon3slackware1fedora4prion3redhatcve4cve4github1veracode2cvelist3nvd3ubuntucve2cbl_mariner4debiancve2vulnrichment2suse2