Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2024:4591
HistoryJul 17, 2024 - 1:08 p.m.

(RHSA-2024:4591) Important: Red Hat OpenShift Data Foundation 4.16.0 security, enhancement & bug fix update

2024-07-1713:08:05
access.redhat.com
11
red hat
openshift
data foundation
4.16.0
security
enhancement
bug fix
dos vulnerabilities
memory leaks
resource exhaustion
denial of service

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

Low

EPSS

0.002

Percentile

61.7%

JSON

Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.

Security Fix(es):

  • get-func-name: ReDoS in chai module (CVE-2023-43646)

  • opentelemetry-go-contrib: DoS vulnerability in otelgrpc due to unbound cardinality metrics (CVE-2023-47108)

  • golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)

  • golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)

  • golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)

  • golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)

  • jose: resource exhaustion (CVE-2024-28176)

  • jose-go: improper handling of highly compressed data (CVE-2024-28180)

  • submariner-operator: RBAC permissions can allow for the spread of node compromises (CVE-2024-5042)

  • nodejs-ws: denial of service when handling a request with many HTTP headers (CVE-2024-37890)

  • node-tar: denial of service while parsing a tar file due to lack of folders depth validation (CVE-2024-28863)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):
These updated packages include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:

https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.16/html/4.16_release_notes/index

All Red Hat OpenShift Data Foundation users are advised to upgrade to these packages that provide these bug fixes and enhancements.

Related

nessus 70
redhat 33
ibm 6
fedora 7
osv 21
openvas 23
almalinux 7
oraclelinux 8
rocky 7
mageia 1
debian 1
redos 1
slackware 1
amazon 2
debiancve 2
ubuntucve 1
veracode 2
prion 1
github 1
redhatcve 1
cbl_mariner 1
cvelist 1
cve 1
nessus
nessus
RHEL 8 / 9 : Red Hat Ceph Storage 7.1 (RHSA-2024:3925)
2024-06-14 00:00:00
RHCOS 4 : OpenShift Container Platform 4.12.54 (RHSA-2024:1574)
2024-04-03 00:00:00
RHEL 8 / 9 : OpenShift Container Platform 4.12.54 (RHSA-2024:1574)
2024-04-03 00:00:00
redhat
redhat
(RHSA-2024:3925) Critical: Red Hat Ceph Storage 7.1 security, enhancements, and bug fix update
2024-06-13 14:11:14
(RHSA-2024:1563) Important: OpenShift Container Platform 4.15.6 packages and security update
2024-04-02 21:28:17
(RHSA-2024:1574) Important: OpenShift Container Platform 4.12.54 packages and security update
2024-04-03 07:03:16
ibm
ibm
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to multible go-git vulnerabilities.
2024-09-09 18:48:46
Security Bulletin: IBM Storage Ceph is vulnerable to a Path Traversal in Grafana (CVE-2023-49568, CVE-2023-49569)
2024-08-05 20:33:33
Security Bulletin: IBM Instana Observability is affected by Vulnerabilities in Go-git with Instana Agent container image
2024-03-15 13:48:36
fedora
fedora
[SECURITY] Fedora 40 Update: apptainer-1.3.0-1.fc40
2024-03-23 00:52:04
[SECURITY] Fedora 39 Update: apptainer-1.3.0-1.fc39
2024-03-22 01:16:30
[SECURITY] Fedora 38 Update: podman-tui-1.0.0-1.fc38
2024-03-30 01:44:44
osv
osv
Moderate: container-tools:rhel8 bug fix and enhancement update
2024-06-18 00:00:00
Moderate: container-tools:rhel8 bug fix and enhancement update
2024-07-02 14:10:24
Important: python3 security update
2024-06-14 13:59:16
openvas
openvas
Fedora: Security Advisory (FEDORA-2024-453ee0b3b9)
2024-03-25 00:00:00
Fedora: Security Advisory (FEDORA-2024-831bad8f8f)
2024-04-03 00:00:00
Fedora: Security Advisory for podman-tui (FEDORA-2024-529fe8a802)
2024-04-03 00:00:00
almalinux
almalinux
Moderate: container-tools:rhel8 bug fix and enhancement update
2024-06-18 00:00:00
Important: python3.9 security update
2024-06-25 00:00:00
Important: python3 security update
2024-05-23 00:00:00
oraclelinux
oraclelinux
container-tools:ol8 bug fix and enhancement update
2024-06-18 00:00:00
skopeo security and bug fix update
2024-05-07 00:00:00
python3.9 security update
2024-06-25 00:00:00
rocky
rocky
container-tools:rhel8 bug fix and enhancement update
2024-07-02 14:10:24
python3 security update
2024-06-14 13:59:16
python3.9 security update
2024-07-02 14:11:27
mageia
mageia
Updated python3, python packages fix security vulnerabilities
2024-03-28 06:52:55
debian
debian
[SECURITY] [DLA 3772-1] python3.7 security update
2024-03-24 21:51:46
redos
redos
ROS-20240826-13
2024-08-26 00:00:00
slackware
slackware
[slackware-security] python3
2024-03-20 21:14:26
amazon
amazon
Important: amazon-ssm-agent
2024-02-15 03:52:00
Important: amazon-ssm-agent
2024-02-14 20:03:00
debiancve
debiancve
CVE-2024-37890
2024-06-17 20:15:13
CVE-2023-43646
2023-09-27 15:19:34
ubuntucve
ubuntucve
CVE-2023-43646
2023-09-27 00:00:00
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2023-10-04 12:48:26
Denial Of Service (DoS)
2024-06-19 06:39:43
prion
prion
Input validation
2023-09-27 15:19:00
github
github
Chaijs/get-func-name vulnerable to ReDoS
2023-09-27 20:16:00
redhatcve
redhatcve
CVE-2023-43646
2023-09-28 11:54:38
cbl_mariner
cbl_mariner
CVE-2024-37890 affecting package reaper for versions less than 3.1.1-10
2024-07-12 23:39:02
cvelist
cvelist
CVE-2024-37890 Denial of service when handling a request with many HTTP headers in ws
2024-06-17 19:09:02
cve
cve
CVE-2024-37890
2024-06-17 20:15:13

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

Low

EPSS

0.002

Percentile

61.7%

JSON
Related for RHSA-2024:4591
nessus70redhat33ibm6fedora7osv21openvas23almalinux7oraclelinux8rocky7mageia1debian1redos1slackware1amazon2debiancve2ubuntucve1veracode2prion1github1redhatcve1cbl_mariner1cvelist1cve1