Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2024:6236
HistorySep 03, 2024 - 4:54 p.m.

(RHSA-2024:6236) Moderate: Red Hat Advanced Cluster Management 2.10.5 security and bug fix update

2024-09-0316:54:19
access.redhat.com
red hat
kubernetes
security fix
bug fix
cve
documentation
cloud environments
container images
release notes

CVSS2

5.2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

8.3

Confidence

High

JSON

Red Hat Advanced Cluster Management for Kubernetes provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments. Clusters and applications are all visible and
managed from a single console—with security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster
Management for Kubernetes, which fix several bugs. See the following
Release Notes documentation, which will be updated shortly for this
release, for additional details about this release:

https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.10

Security Fix(es) from Bugzilla:

  • opentelemetry-go-contrib: DoS vulnerability in otelgrpc due to unbound cardinality metrics (CVE-2023-47108)

  • opentelemetry: DoS vulnerability in otelhttp (CVE-2023-45142)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in the
References section.

Related

redhat 26
osv 20
nessus 70
almalinux 7
oraclelinux 8
ibm 9
mageia 6
ubuntu 5
openvas 39
cloudfoundry 2
rocky 1
fedora 2
ubuntucve 1
redos 1
amazon 1
f5 1
redhat
redhat
(RHSA-2024:2933) Important: logging for Red Hat OpenShift security update
2024-05-23 06:15:17
(RHSA-2024:2447) Low: openssl and openssl-fips-provider security update
2024-04-30 06:15:44
(RHSA-2024:6044) Low: Red Hat Advanced Cluster Management 2.11.2 bug fixes and container updates
2024-08-29 14:45:39
osv
osv
Low: openssl and openssl-fips-provider security update
2024-04-30 00:00:00
openssl vulnerabilities
2024-02-05 12:18:56
openssl1.0 vulnerabilities
2024-03-21 16:53:43
nessus
nessus
RHEL 9 : openssl and openssl-fips-provider (RHSA-2024:2447)
2024-04-30 00:00:00
Oracle Linux 9 : openssl / and / openssl-fips-provider (ELSA-2024-2447)
2024-05-06 00:00:00
OpenSSL 3.1.0 < 3.1.5 Multiple Vulnerabilities
2023-11-07 00:00:00
almalinux
almalinux
Low: openssl and openssl-fips-provider security update
2024-04-30 00:00:00
Low: openssl security update
2023-12-19 00:00:00
Moderate: krb5 security update
2024-08-13 00:00:00
oraclelinux
oraclelinux
openssl and openssl-fips-provider security update
2024-05-03 00:00:00
openssl security update
2024-01-10 00:00:00
openssl security update
2023-12-18 00:00:00
ibm
ibm
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in OpenSSL
2024-06-28 21:59:28
Security Bulletin: Security vulnerabilities may affect Ubuntu packages that are shipped with IBM CICS TX Advanced.
2024-07-16 12:17:30
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest
2024-07-16 08:12:23
mageia
mageia
Updated quictls packages fix security vulnerabilities
2024-02-15 02:02:34
Updated openssl packages fix security vulnerabilities
2024-02-04 05:49:27
Updated openssl packages fix security vulnerability
2023-09-11 16:07:54
ubuntu
ubuntu
OpenSSL vulnerabilities
2024-02-05 00:00:00
OpenSSL vulnerabilities
2024-03-21 00:00:00
Kerberos vulnerabilities
2024-08-08 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2024-0020)
2024-02-05 00:00:00
Mageia: Security Advisory (MGASA-2024-0036)
2024-02-15 00:00:00
Ubuntu: Security Advisory (USN-6622-1)
2024-02-06 00:00:00
cloudfoundry
cloudfoundry
USN-6622-1: OpenSSL vulnerabilities | Cloud Foundry
2024-02-29 00:00:00
USN-6733-1: GnuTLS vulnerabilities | Cloud Foundry
2024-05-23 00:00:00
rocky
rocky
gnutls security update
2024-05-10 14:32:36
fedora
fedora
[SECURITY] Fedora 38 Update: gnutls-3.8.4-1.fc38
2024-03-31 01:54:40
[SECURITY] Fedora 39 Update: gnutls-3.8.4-1.fc39
2024-03-24 01:07:12
ubuntucve
ubuntucve
CVE-2024-37371
2024-06-28 00:00:00
redos
redos
ROS-20240911-04
2024-09-11 00:00:00
amazon
amazon
Medium: krb5
2024-07-18 02:00:00
f5
f5
K000141041: GnuTLS vulnerabilities CVE-2024-28834 and CVE-2024-28835
2024-09-12 00:00:00

CVSS2

5.2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

8.3

Confidence

High

JSON
Related for RHSA-2024:6236
redhat26osv20nessus70almalinux7oraclelinux8ibm9mageia6ubuntu5openvas39cloudfoundry2rocky1fedora2ubuntucve1redos1amazon1f51