Lucene search

K

RedHatRHSA-2023:0692

HistoryFeb 09, 2023 - 1:05 a.m.

(RHSA-2023:0692) Moderate: OpenShift API for Data Protection (OADP) 1.0.7 security and bug fix update

2023-02-0901:05:23

access.redhat.com

21

openshift api

data protection

oadp

backup

restore

security fix

bugzilla

golang

http/2

cve-2022-32149

cve-2022-41717

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.003 Low

EPSS

Percentile

68.9%

OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.

Security Fix(es) from Bugzilla:

golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags (CVE-2022-32149)
golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.003 Low

EPSS

Percentile

68.9%

Related for RHSA-2023:0692

cve2 cbl_mariner18 ibm18 redhatcve2 cgr1 alpinelinux2 prion2 github2 nessus59 debiancve2 veracode2 redhat7 osv8 gitlab3 ubuntucve2 nvd2 cvelist2 wolfi1 openvas32 photon2 fedora25 amazon1 mageia1 almalinux2 oraclelinux1