Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2024:4846
HistoryJul 31, 2024 - 2:28 p.m.

(RHSA-2024:4846) Moderate: OpenShift Container Platform 4.13.46 security update

2024-07-3114:28:15
access.redhat.com
7
red hat openshift
security update
4.13.46
cve-2023-29483
cve-2024-6104
kubernetes
cloud computing
on-premise
release notes
cvss score
upgrade instructions

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score

9.3

Confidence

High

EPSS

0.019

Percentile

88.8%

JSON

Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.46. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2024:4848

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

Security Fix(es):

  • dnspython: denial of service in stub resolver (CVE-2023-29483)
  • go-retryablehttp: url might write sensitive information to log file
    (CVE-2024-6104)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

Related

nessus 68
redhat 24
freebsd 1
openvas 19
ibm 3
oraclelinux 9
almalinux 8
ubuntucve 5
nvd 2
debiancve 3
prion 3
vulnrichment 3
redhatcve 4
amazon 1
osv 21
rocky 9
cvelist 5
cve 3
redos 1
ubuntu 1
gentoo 1
fedora 1
cbl_mariner 3
qt 1
nessus
nessus
RHEL 9 : kernel (RHSA-2024:4823)
2024-07-24 00:00:00
RHEL 9 : kernel-rt (RHSA-2024:4831)
2024-07-24 00:00:00
RHEL 9 : OpenShift Container Platform 4.16.0 (RHSA-2024:0045)
2024-06-27 00:00:00
redhat
redhat
(RHSA-2024:4823) Important: kernel security update
2024-07-24 12:40:38
(RHSA-2024:4831) Important: kernel-rt security update
2024-07-24 12:51:56
(RHSA-2024:0045) Important: OpenShift Container Platform 4.16.0 security update
2024-06-27 12:28:13
freebsd
freebsd
go -- multiple vulnerabilities
2024-03-05 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:0811-1)
2024-03-11 00:00:00
openSUSE: Security Advisory for go1.22 (SUSE-SU-2024:0812-1)
2024-03-25 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1856)
2024-07-01 00:00:00
ibm
ibm
Security Bulletin: IBM Storage Protect Server is susceptible to numerous vulnerabilities due to Golang Go (CVE-2024-24785, CVE-2023-45289, CVE-2024-24783, CVE-2023-45290, CVE-2024-24784)
2024-07-01 05:56:51
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go
2024-08-22 00:19:22
Security Bulletin: Operations Dashboard in IBM Cloud Pak for Integration is vulnerable to Go vulnerabilities CVE-2023-45290, CVE-2024-24783, CVE-2024-24785, CVE-2023-45289, CVE-2024-24784 & CVE-2024-24788
2024-07-24 11:02:46
oraclelinux
oraclelinux
go-toolset:ol8 security update
2024-05-29 00:00:00
golang security update
2024-05-07 00:00:00
container-tools:ol8 security update
2024-08-13 00:00:00
almalinux
almalinux
Important: go-toolset:rhel8 security update
2024-05-22 00:00:00
Important: golang security update
2024-04-30 00:00:00
Important: container-tools:rhel8 security update
2024-08-13 00:00:00
ubuntucve
ubuntucve
CVE-2023-5633
2023-10-23 00:00:00
CVE-2023-52518
2024-03-02 00:00:00
CVE-2023-52707
2024-05-21 00:00:00
nvd
nvd
CVE-2023-5633
2023-10-23 22:15:09
CVE-2021-47459
2024-05-22 07:15:10
debiancve
debiancve
CVE-2023-5633
2023-10-23 22:15:09
CVE-2023-52518
2024-03-02 22:15:47
CVE-2022-40133
2022-09-09 15:15:15
prion
prion
Double free
2023-10-23 22:15:00
Design/Logic Flaw
2024-03-02 22:15:00
Design/Logic Flaw
2022-09-09 15:15:00
vulnrichment
vulnrichment
CVE-2023-5633 Kernel: vmwgfx: reference count issue leads to use-after-free in surface handling
2023-10-23 21:58:59
CVE-2023-52707 sched/psi: Fix use-after-free in ep_remove_wait_queue()
2024-05-21 15:22:55
CVE-2021-47459 can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv
2024-05-22 06:23:21
redhatcve
redhatcve
CVE-2023-5633
2023-10-23 14:01:09
CVE-2023-52518
2024-03-04 20:02:31
CVE-2023-52811
2024-05-23 11:11:44
amazon
amazon
Medium: golang
2024-05-23 22:04:00
osv
osv
Important: go-toolset:rhel8 security update
2024-05-22 00:00:00
Important: go-toolset:rhel8 security update
2024-06-14 13:59:30
Important: golang security update
2024-04-30 00:00:00
rocky
rocky
go-toolset:rhel8 security update
2024-06-14 13:59:30
golang security update
2024-05-10 14:32:42
container-tools:rhel8 security update
2024-08-21 14:52:31
cvelist
cvelist
CVE-2023-5633 Kernel: vmwgfx: reference count issue leads to use-after-free in surface handling
2023-10-23 21:58:59
CVE-2023-52518 Bluetooth: hci_codec: Fix leaking content of local_codecs
2024-03-02 21:54:47
CVE-2021-47459 can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv
2024-05-22 06:23:21
cve
cve
CVE-2023-5633
2023-10-23 22:15:09
CVE-2023-52518
2024-03-02 22:15:47
CVE-2022-40133
2022-09-09 15:15:15
redos
redos
ROS-20240805-08
2024-08-05 00:00:00
ubuntu
ubuntu
Go vulnerabilities
2024-07-09 00:00:00
gentoo
gentoo
Go: Multiple Vulnerabilities
2024-08-07 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: qt6-qtbase-6.6.2-2.fc39
2024-07-19 02:21:59
cbl_mariner
cbl_mariner
CVE-2024-39936 affecting package qt5-qtbase for versions less than 5.12.11-13
2024-08-18 14:44:42
CVE-2024-39936 affecting package qtbase for versions less than 6.6.2-1
2024-07-24 00:12:29
CVE-2024-26908 affecting package kernel for versions less than 6.6.29.1-4
2024-06-21 09:32:44
qt
qt
Security advisory: Recently discovered HTTP2 handling issue impacts Qt
2024-07-17 00:00:00

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score

9.3

Confidence

High

EPSS

0.019

Percentile

88.8%

JSON
Related for RHSA-2024:4846
nessus68redhat24freebsd1openvas19ibm3oraclelinux9almalinux8ubuntucve5nvd2debiancve3prion3vulnrichment3redhatcve4amazon1osv21rocky9cvelist5cve3redos1ubuntu1gentoo1fedora1cbl_mariner3qt1