Red Hat, RHSA-2024:4269
Jul 02, 2024 - 2:48 p.m.

(RHSA-2024:4269) Moderate: OpenShift Virtualization 4.12.12 Images security update

2024-07-02 14:48:37
CWE-787
access.redhat.com
Tags: openshift virtualization, red hat, security update, axios vulnerability, cve-2023-45857, virtualization solution, container platform, cvss score

CVSS2: 7.2
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 8.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.4
Confidence: High

EPSS: 0.05
Percentile: 93.1%

OpenShift Virtualization is Red Hat’s virtualization solution designed for Red Hat OpenShift Container Platform.

This advisory contains OpenShift Virtualization 4.12.12 images.

Security Fix(es):

  • axios: exposure of confidential data stored in cookies (CVE-2023-45857)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected configurations

