Lucene search

RedHatRHSA-2024:0989

HistoryFeb 26, 2024 - 4:05 p.m.

(RHSA-2024:0989) Critical: Red Hat Multicluster GlobalHub 1.0.2 bug fixes and security updates

2024-02-2616:05:42

access.redhat.com

rhsa-2024:0989

red hat multicluster globalhub

container images

security fix

cve-2023-49568

cve-2023-49569

go-git

dos

path traversal

rce

unix

CVSS2

5.2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.2

Confidence

High

EPSS

0.965

Percentile

99.6%

JSON

Red Hat Multicluster GlobalHub 1.0.2 images

This advisory contains the container images for Red Hat Multicluster
GlobalHub, which fix several bugs.

Security fix(es):
CVE-2023-49568 go-git: Maliciously crafted Git server replies can cause DoS on
go-git clients
CVE-2023-49569 go-git: Maliciously crafted Git server replies can lead to path
traversal and RCE on go-git clients

CVSS2

5.2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.2

Confidence

High

EPSS

0.965

Percentile

99.6%

JSON

Related for RHSA-2024:0989