Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2023:3450
HistoryJun 05, 2023 - 3:57 p.m.

(RHSA-2023:3450) Moderate: OpenShift Serverless Client kn 1.29.0 release

2023-06-0515:57:20
access.redhat.com
14
openshift serverless
kn cli
rpm package
cve-2023-25173
cve-2022-41723
cve-2022-41725
cve-2022-41724
cve-2023-24538
cve-2023-24536
cve-2023-24534
cve-2023-24537
cvss score

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.024 Low

EPSS

Percentile

90.0%

JSON

Red Hat OpenShift Serverless Client kn 1.29.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.29.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.

This release includes security and bug fixes, and enhancements.

Security Fixes in this release include:

  • containerd: Supplementary groups are not set up properly(CVE-2023-25173)
  • golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding(CVE-2022-41723)
  • golang: net/http, mime/multipart: denial of service from excessive resource consumption(CVE-2022-41725)
  • golang: crypto/tls: large handshake records may cause panics(CVE-2022-41724)
  • golang: html/template: backticks not treated as string delimiters(CVE-2023-24538)
  • golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption(CVE-2023-24536)
  • golang: net/http, net/textproto: denial of service from excessive memory allocation(CVE-2023-24534)
  • golang: go/parser: Infinite loop in parsing(CVE-2023-24537)

For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information refer to the CVE pages linked in the References section.

Related

nessus 78
redhat 36
mageia 2
ibm 19
freebsd 2
altlinux 2
openvas 21
redos 1
almalinux 8
osv 10
oraclelinux 7
amazon 5
ubuntu 1
rocky 1
photon 2
cbl_mariner 1
veracode 2
alpinelinux 1
nessus
nessus
RHEL 8 : OpenShift Serverless Client kn 1.29.0 (Moderate) (RHSA-2023:3450)
2024-04-28 00:00:00
CentOS 9 : toolbox-0.0.99.4-3.el9
2024-02-29 00:00:00
CentOS 9 : podman-4.6.0-0.3.el9
2024-02-29 00:00:00
redhat
redhat
(RHSA-2023:3167) Moderate: Red Hat build of Cryostat 2.3.0: new RHEL 8 container images
2023-05-18 10:57:51
(RHSA-2023:4986) Moderate: Red Hat OpenShift Distributed Tracing 2.9.0 security update
2023-09-06 07:54:47
(RHSA-2023:3612) Important: OpenShift Container Platform 4.13.4 packages and security update
2023-06-23 04:29:39
mageia
mageia
Updated golang packages fix security vulnerability
2023-04-15 22:03:44
Updated golang packages fix security vulnerability
2023-03-24 08:55:49
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps
2023-08-30 14:43:27
Security Bulletin: IBM Storage Protect Server is vulnerable to denial of service attacks due to Golang Go (CVE-2023-24536, CVE-2023-24537, CVE-2022-41724, CVE-2022-41725)
2023-06-21 18:27:58
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Golang Go
2023-06-28 20:59:10
freebsd
freebsd
go -- multiple vulnerabilities
2023-04-04 00:00:00
go -- multiple vulnerabilities
2023-02-14 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package golang version 1.19.8-alt1
2023-04-10 00:00:00
Security fix for the ALT Linux 10 package golang version 1.19.6-alt1
2023-02-22 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:1792-1)
2023-04-07 00:00:00
Mageia: Security Advisory (MGASA-2023-0145)
2023-04-17 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-2292)
2023-07-04 00:00:00
redos
redos
ROS-20240418-06
2024-04-18 00:00:00
almalinux
almalinux
Moderate: skopeo security update
2023-11-07 00:00:00
Moderate: buildah security update
2023-11-07 00:00:00
Moderate: podman security, bug fix, and enhancement update
2023-11-07 00:00:00
osv
osv
Moderate: buildah security update
2023-11-07 00:00:00
Moderate: podman security, bug fix, and enhancement update
2023-11-07 00:00:00
Moderate: skopeo security update
2023-11-07 00:00:00
oraclelinux
oraclelinux
skopeo security update
2023-11-11 00:00:00
buildah security update
2023-11-11 00:00:00
podman security, bug fix, and enhancement update
2023-11-11 00:00:00
amazon
amazon
Important: golang
2023-04-13 19:28:00
Important: golang
2023-04-13 19:01:00
Important: amazon-ssm-agent
2023-10-12 15:09:00
ubuntu
ubuntu
Go vulnerabilities
2023-06-06 00:00:00
rocky
rocky
go-toolset:Rocky Linux8 security and bug fix update
2023-05-18 19:17:56
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0362
2023-03-23 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0425
2023-07-12 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-25173 affecting package moby-containerd 1.6.6+azure-7
2023-03-16 03:40:27
veracode
veracode
Privilege Escalation
2023-02-17 08:54:33
Denial Of Service (DoS)
2023-02-18 18:51:32
alpinelinux
alpinelinux
CVE-2022-41725
2023-02-28 18:15:10

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.024 Low

EPSS

Percentile

90.0%

JSON
Related for RHSA-2023:3450
nessus78redhat36mageia2ibm19freebsd2altlinux2openvas21redos1almalinux8osv10oraclelinux7amazon5ubuntu1rocky1photon2cbl_mariner1veracode2alpinelinux1