Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2024:0298
HistoryJan 18, 2024 - 4:05 p.m.

(RHSA-2024:0298) Critical: Red Hat Advanced Cluster Management 2.9.2 security and bug fix container updates

2024-01-1816:05:35
access.redhat.com
20
red hat advanced cluster management
kubernetes
security policy
jira issues
go-git
dos
rce
unix
bug fix.

CVSS2

5.2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

Low

EPSS

0.005

Percentile

77.0%

JSON

Red Hat Advanced Cluster Management for Kubernetes 2.9.2 images

Red Hat Advanced Cluster Management for Kubernetes provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments. Clusters and applications are all visible and
managed from a single console—with security policy built in.

Jira issues addressed:

ACM-8456: ‘Search’ feature on logs page is not working
ACM-8857: credentials restore file is executed after resources restore
ACM-8966: oc get policy still returns NonCompliant 10 minutes after deleting the certificate and secret
ACM-9094: Configuration Policy controller unexpectedly gets taken out of uninstall mode

Security fix(es):
CVE-2023-49568 go-git: Maliciously crafted Git server replies can cause DoS on go-git clients
CVE-2023-49569 go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients

Related

nessus 98
osv 7
openvas 52
ibm 5
redhat 8
oraclelinux 2
almalinux 1
ubuntu 3
cve 2
debiancve 2
prion 2
f5 1
alpinelinux 2
amazon 6
cvelist 2
ubuntucve 2
nvd 1
slackware 1
broadcom 1
redos 1
nessus
nessus
CentOS 8 : openssl (CESA-2023:7877)
2024-01-09 00:00:00
RHEL 8 : openssl (RHSA-2023:7877)
2023-12-19 00:00:00
EulerOS Virtualization 3.0.6.6 : shim (EulerOS-SA-2024-1666)
2024-05-17 00:00:00
osv
osv
Low: openssl security update
2023-12-19 00:00:00
openssl1.0 vulnerabilities
2024-03-21 16:53:43
CVE-2023-5678
2023-11-06 16:15:42
openvas
openvas
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1666)
2024-05-16 00:00:00
Huawei EulerOS: Security Advisory for openssl111d (EulerOS-SA-2024-1157)
2024-02-09 00:00:00
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1164)
2024-02-09 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in openssl library (CVE-2023-3446, CVE-2023-3817, CVE-2023-5678) affect Power HMC.
2024-09-10 15:18:10
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to multible go-git vulnerabilities.
2024-09-09 18:48:46
Security Bulletin: IBM Storage Ceph is vulnerable to a Path Traversal in Grafana (CVE-2023-49568, CVE-2023-49569)
2024-08-05 20:33:33
redhat
redhat
(RHSA-2024:0154) Low: openssl security update
2024-01-10 16:25:10
(RHSA-2023:7877) Low: openssl security update
2023-12-18 07:10:45
(RHSA-2024:0208) Low: openssl security update
2024-01-11 21:04:17
oraclelinux
oraclelinux
openssl security update
2024-01-10 00:00:00
openssl security update
2023-12-18 00:00:00
almalinux
almalinux
Low: openssl security update
2023-12-19 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2024-03-21 00:00:00
OpenSSL vulnerabilities
2023-10-18 00:00:00
OpenSSL vulnerabilities
2023-10-25 00:00:00
cve
cve
CVE-2023-5678
2023-11-06 16:15:42
CVE-2023-3817
2023-07-31 16:15:10
debiancve
debiancve
CVE-2023-5678
2023-11-06 16:15:42
CVE-2023-3817
2023-07-31 16:15:10
prion
prion
Design/Logic Flaw
2023-11-06 16:15:00
Design/Logic Flaw
2023-07-31 16:15:00
f5
f5
K000138242 : OpenSSL vulnerability CVE-2023-5678
2024-01-17 00:00:00
alpinelinux
alpinelinux
CVE-2023-5678
2023-11-06 16:15:42
CVE-2023-3817
2023-07-31 16:15:10
amazon
amazon
Medium: openssl
2023-11-29 22:19:00
Medium: edk2
2023-08-17 11:58:00
Medium: openssl
2023-11-29 23:18:00
cvelist
cvelist
CVE-2023-5678 Excessive time spent in DH check / generation with large Q parameter value
2023-11-06 15:47:30
CVE-2023-3817 Excessive time spent checking DH q parameter value
2023-07-31 15:34:13
ubuntucve
ubuntucve
CVE-2023-5678
2023-11-06 00:00:00
CVE-2023-3817
2023-07-31 00:00:00
nvd
nvd
CVE-2023-5678
2023-11-06 16:15:42
slackware
slackware
[slackware-security] openssl
2023-08-02 17:08:29
broadcom
broadcom
Excessive time spent checking DH q parameter value (CVE-2023-3817)
2024-04-16 00:00:00
redos
redos
ROS-20230907-04
2023-09-07 00:00:00

CVSS2

5.2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

Low

EPSS

0.005

Percentile

77.0%

JSON
Related for RHSA-2024:0298
nessus98osv7openvas52ibm5redhat8oraclelinux2almalinux1ubuntu3cve2debiancve2prion2f51alpinelinux2amazon6cvelist2ubuntucve2nvd1slackware1broadcom1redos1