CVE-2023-29406 - Vulnerability Details

The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Golang	Go
Redhat	Advanced Cluster Security Cryostat Enterprise Linux Logging Migration Toolkit Applications Network Observ Optr Openshift Openshift Api Data Protection Openshift Data Foundation Openshift Distributed Tracing Openshift Secondary Scheduler Openshift Serverless Openstack Rhmt Run Once Duration Override Operator Satellite Serverless Service Telemetry Framework

Configuration 1 [-]

OR	cpe:2.3:a:golang:go::::::::
	cpe:2.3:a:golang:go::::::::

Package	CPE	Advisory	Released Date
Cryostat 2 on RHEL 8
cryostat-tech-preview/cryostat-rhel8-operator:2.3.1-11	cpe:/a:redhat:cryostat:2::el8	RHSA-2023:6031	2023-10-23T00:00:00Z
MTA-6.2-RHEL-8
mta/mta-rhel8-operator:6.2.2-3	cpe:/a:redhat:migration_toolkit_applications:6.2::el8	RHSA-2024:1027	2024-02-28T00:00:00Z
MTA-6.2-RHEL-9
mta/mta-hub-rhel9:6.2.2-2	cpe:/a:redhat:migration_toolkit_applications:6.2::el9	RHSA-2024:1027	2024-02-28T00:00:00Z
mta/mta-operator-bundle:6.2.2-5	cpe:/a:redhat:migration_toolkit_applications:6.2::el9	RHSA-2024:1027	2024-02-28T00:00:00Z
mta/mta-pathfinder-rhel9:6.2.2-2	cpe:/a:redhat:migration_toolkit_applications:6.2::el9	RHSA-2024:1027	2024-02-28T00:00:00Z
mta/mta-ui-rhel9:6.2.2-2	cpe:/a:redhat:migration_toolkit_applications:6.2::el9	RHSA-2024:1027	2024-02-28T00:00:00Z
mta/mta-windup-addon-rhel9:6.2.2-3	cpe:/a:redhat:migration_toolkit_applications:6.2::el9	RHSA-2024:1027	2024-02-28T00:00:00Z
NETWORK-OBSERVABILITY-1.4.0-RHEL-9
network-observability/network-observability-rhel9-operator:v1.4.0-51	cpe:/a:redhat:network_observ_optr:1.4.0::el9	RHSA-2023:5974	2023-10-20T00:00:00Z
OADP-1.1-RHEL-8
oadp/oadp-velero-rhel8:1.1.7-6	cpe:/a:redhat:openshift_api_data_protection:1.1::el8	RHSA-2023:6115	2023-10-25T00:00:00Z
Openshift Serverless 1 on RHEL 8
openshift-serverless-clients-0:1.9.2-4.el8	cpe:/a:redhat:serverless:1.0::el8	RHSA-2023:6298	2023-11-03T00:00:00Z
OSSO-1.1-RHEL-8
openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8:v1.1-37	cpe:/a:redhat:openshift_secondary_scheduler:1.1::el8	RHSA-2023:5933	2023-10-26T00:00:00Z
Red Hat Advanced Cluster Security 4.4
advanced-cluster-security/rhacs-main-rhel8:4.4.0-17	cpe:/a:redhat:advanced_cluster_security:4.4::el8	RHSA-2024:1570	2024-03-28T00:00:00Z
Red Hat Enterprise Linux 8
git-lfs-0:3.4.1-1.el8	cpe:/a:redhat:enterprise_linux:8	RHBA-2024:3053	2024-05-22T00:00:00Z
go-toolset:rhel8-8080020231013004859.6b4b45d8	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:5721	2023-10-16T00:00:00Z
container-tools:4.0-8090020230828093056.e7857ab1	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:6938	2023-11-14T00:00:00Z
container-tools:rhel8-8090020230825121312.e7857ab1	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:6939	2023-11-14T00:00:00Z
container-tools:4.0-8090020231009143402.d7b6f4b7	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:7202	2023-11-14T00:00:00Z
Red Hat Enterprise Linux 9
git-lfs-0:3.4.1-1.el9	cpe:/a:redhat:enterprise_linux:9	RHBA-2024:2274	2024-04-30T00:00:00Z
golang-0:1.19.13-1.el9_2	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:5738	2023-10-16T00:00:00Z
toolbox-0:0.0.99.4-6.el9_3	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:6346	2023-11-07T00:00:00Z
skopeo-2:1.13.3-1.el9	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:6363	2023-11-07T00:00:00Z
containernetworking-plugins-1:1.3.0-4.el9	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:6402	2023-11-07T00:00:00Z
buildah-1:1.31.3-1.el9	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:6473	2023-11-07T00:00:00Z
podman-2:4.6.1-5.el9	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:6474	2023-11-07T00:00:00Z
Red Hat Migration Toolkit for Containers 1.7
rhmtc/openshift-velero-plugin-rhel8:v1.7.14-3	cpe:/a:redhat:rhmt:1.7::el8	RHSA-2023:6161	2023-10-30T00:00:00Z
Red Hat OpenShift Container Platform 4.14
openshift-clients-0:4.14.0-202311031050.p0.g9b1e0d2.assembly.stream.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:6840	2023-11-15T00:00:00Z
openshift-0:4.14.0-202401121302.p0.ge36e183.assembly.stream.el8	cpe:/a:redhat:openshift:4.14::el8	RHSA-2024:0293	2024-01-23T00:00:00Z
Red Hat OpenShift distributed tracing 2
jaeger-agent-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
jaeger-all-in-one-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
jaeger-collector-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
jaeger-es-index-cleaner-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
jaeger-es-rollover-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
jaeger-ingester-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
jaeger-operator-bundle-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
jaeger-operator-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
jaeger-query-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
opentelemetry-collector-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
opentelemetry-operator-bundle-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
opentelemetry-operator-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
tempo-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
tempo-gateway-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
tempo-gateway-opa-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
tempo-operator-bundle-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
tempo-operator-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
tempo-query-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
Red Hat OpenShift Serverless 1.30
openshift-serverless-1/client-kn-rhel8:1.9.2-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/eventing-controller-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/eventing-in-memory-channel-controller-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/eventing-kafka-broker-controller-rhel8:1.9.0-9	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8:1.9.0-9	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/eventing-kafka-broker-post-install-rhel8:1.9.0-9	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/eventing-kafka-broker-receiver-rhel8:1.9.0-9	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/eventing-kafka-broker-webhook-rhel8:1.9.0-9	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/eventing-mtbroker-filter-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/eventing-mtbroker-ingress-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/eventing-mtchannel-broker-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/eventing-mtping-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/eventing-storage-version-migration-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/eventing-webhook-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/func-utils-rhel8:1.30.2-2	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/ingress-rhel8-operator:1.30.2-3	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/knative-rhel8-operator:1.30.2-3	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/kn-cli-artifacts-rhel8:1.9.2-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/kourier-control-rhel8:1.9.0-5	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/net-istio-controller-rhel8:1.9.0-5	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/net-istio-webhook-rhel8:1.9.0-5	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/serverless-operator-bundle:1.30.2-2	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/serverless-rhel8-operator:1.30.2-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/serving-activator-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/serving-autoscaler-hpa-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/serving-autoscaler-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/serving-controller-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/serving-domain-mapping-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/serving-domain-mapping-webhook-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/serving-queue-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/serving-storage-version-migration-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/serving-webhook-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/svls-must-gather-rhel8:1.30.2-1	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1-tech-preview/eventing-istio-controller-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8:1.30.0-8	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1-tech-preview/logic-swf-builder-rhel8:1.30.0-9	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1-tech-preview/logic-swf-devmode-rhel8:1.30.0-9	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
Red Hat OpenStack Platform 16.2
rhosp-rhel8/osp-director-agent:1.3.0-10	cpe:/a:redhat:openstack:16.2::el8	RHSA-2023:5935	2023-10-19T00:00:00Z
rhosp-rhel8/osp-director-downloader:1.3.0-11	cpe:/a:redhat:openstack:16.2::el8	RHSA-2023:5935	2023-10-19T00:00:00Z
rhosp-rhel8/osp-director-operator:1.3.0-9	cpe:/a:redhat:openstack:16.2::el8	RHSA-2023:5935	2023-10-19T00:00:00Z
rhosp-rhel8/osp-director-operator-bundle:1.3.0-19	cpe:/a:redhat:openstack:16.2::el8	RHSA-2023:5935	2023-10-19T00:00:00Z
etcd-0:3.3.23-15.el8ost	cpe:/a:redhat:openstack:16.2::el8	RHSA-2023:5965	2023-10-20T00:00:00Z
Red Hat Satellite 6.14 for RHEL 8
yggdrasil-worker-forwarder-0:0.0.3-1.el8sat	cpe:/a:redhat:satellite:6.14::el8	RHSA-2023:6818	2023-11-08T00:00:00Z
RHODF-4.15-RHEL-9
odf4/cephcsi-rhel9:v4.15.0-37	cpe:/a:redhat:openshift_data_foundation:4.15::el9	RHSA-2024:1383	2024-03-19T00:00:00Z
RHOL-5.6-RHEL-8
openshift-logging/logging-loki-rhel8:v2.9.2-2	cpe:/a:redhat:logging:5.6::el8	RHSA-2023:5541	2023-10-20T00:00:00Z
RHOL-5.7-RHEL-8
openshift-logging/logging-loki-rhel8:v2.9.2-1	cpe:/a:redhat:logging:5.7::el8	RHSA-2023:5530	2023-10-20T00:00:00Z
RODOO-1.0-RHEL-8
run-once-duration-override-operator/run-once-duration-override-rhel8:v1.0-30	cpe:/a:redhat:run_once_duration_override_operator:1.0::el8	RHSA-2023:5947	2023-10-26T00:00:00Z
STF-1.5-RHEL-8
stf/prometheus-webhook-snmp-rhel8:1.5.2-8	cpe:/a:redhat:service_telemetry_framework:1.5::el8	RHSA-2023:5976	2023-10-20T00:00:00Z
stf/service-telemetry-operator-bundle:1.5.1697612918-1	cpe:/a:redhat:service_telemetry_framework:1.5::el8	RHSA-2023:5976	2023-10-20T00:00:00Z
stf/service-telemetry-rhel8-operator:1.5.1-8	cpe:/a:redhat:service_telemetry_framework:1.5::el8	RHSA-2023:5976	2023-10-20T00:00:00Z
stf/sg-bridge-rhel8:1.5.0-18	cpe:/a:redhat:service_telemetry_framework:1.5::el8	RHSA-2023:5976	2023-10-20T00:00:00Z
stf/sg-core-rhel8:5.1.1-8	cpe:/a:redhat:service_telemetry_framework:1.5::el8	RHSA-2023:5976	2023-10-20T00:00:00Z
stf/smart-gateway-operator-bundle:5.0.1697612918-1	cpe:/a:redhat:service_telemetry_framework:1.5::el8	RHSA-2023:5976	2023-10-20T00:00:00Z
stf/smart-gateway-rhel8-operator:5.0.1-9	cpe:/a:redhat:service_telemetry_framework:1.5::el8	RHSA-2023:5976	2023-10-20T00:00:00Z

References

Link	Providers
https://go.dev/cl/506996
https://go.dev/issue/60374
https://groups.google.com/g/golang-announce/c/2q13H6LEEx0
https://nvd.nist.gov/vuln/detail/CVE-2023-29406
https://pkg.go.dev/vuln/GO-2023-1878
https://security.gentoo.org/glsa/202311-09
https://security.netapp.com/advisory/ntap-20230814-0002/
https://www.cve.org/CVERecord?id=CVE-2023-29406

History

Thu, 07 Nov 2024 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sun, 08 Sep 2024 19:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat openshift Distributed Tracing
CPEs		cpe:/a:redhat:openshift_distributed_tracing:2.9::el8
Vendors & Products		Redhat openshift Distributed Tracing

Mon, 19 Aug 2024 22:30:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/a:redhat:openshift_distributed_tracing:2.9::el8~~
Vendors & Products	Redhat openshift Distributed Tracing

MITRE

Status: PUBLISHED

Assigner: Go

Published: 2023-07-11T19:23:58.511Z

Updated: 2025-02-13T16:49:14.579Z

Reserved: 2023-04-05T19:36:35.043Z

Link: CVE-2023-29406

Vulnrichment

Updated: 2024-08-02T14:07:45.735Z

NVD

Status : Modified

Published: 2023-07-11T20:15:10.643

Modified: 2024-11-21T07:56:59.913

Link: CVE-2023-29406

Redhat

Severity : Moderate

Publid Date: 2023-07-11T00:00:00Z

Links: CVE-2023-29406 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-29406", "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "state": "PUBLISHED", "assignerShortName": "Go", "dateReserved": "2023-04-05T19:36:35.043Z", "datePublished": "2023-07-11T19:23:58.511Z", "dateUpdated": "2025-02-13T16:49:14.579Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go", "dateUpdated": "2023-11-25T11:09:28.969Z"}, "title": "Insufficient sanitization of Host header in net/http", "descriptions": [{"lang": "en", "value": "The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value."}], "affected": [{"vendor": "Go standard library", "product": "net/http", "collectionURL": "https://pkg.go.dev", "packageName": "net/http", "versions": [{"version": "0", "lessThan": "1.19.11", "status": "affected", "versionType": "semver"}, {"version": "1.20.0-0", "lessThan": "1.20.6", "status": "affected", "versionType": "semver"}], "programRoutines": [{"name": "Request.write"}, {"name": "Client.CloseIdleConnections"}, {"name": "Client.Do"}, {"name": "Client.Get"}, {"name": "Client.Head"}, {"name": "Client.Post"}, {"name": "Client.PostForm"}, {"name": "Get"}, {"name": "Head"}, {"name": "Post"}, {"name": "PostForm"}, {"name": "Request.Write"}, {"name": "Request.WriteProxy"}, {"name": "Transport.CancelRequest"}, {"name": "Transport.CloseIdleConnections"}, {"name": "Transport.RoundTrip"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')"}]}], "references": [{"url": "https://go.dev/issue/60374"}, {"url": "https://go.dev/cl/506996"}, {"url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0"}, {"url": "https://pkg.go.dev/vuln/GO-2023-1878"}, {"url": "https://security.netapp.com/advisory/ntap-20230814-0002/"}, {"url": "https://security.gentoo.org/glsa/202311-09"}], "credits": [{"lang": "en", "value": "Bartek Nowotarski"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:07:45.735Z"}, "title": "CVE Program Container", "references": [{"url": "https://go.dev/issue/60374", "tags": ["x_transferred"]}, {"url": "https://go.dev/cl/506996", "tags": ["x_transferred"]}, {"url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0", "tags": ["x_transferred"]}, {"url": "https://pkg.go.dev/vuln/GO-2023-1878", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230814-0002/", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202311-09", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-07T15:39:42.813114Z", "id": "CVE-2023-29406", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-07T15:39:53.007Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://go.dev/issue/60374", "tags": ["x_transferred"]}, {"url": "https://go.dev/cl/506996", "tags": ["x_transferred"]}, {"url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0", "tags": ["x_transferred"]}, {"url": "https://pkg.go.dev/vuln/GO-2023-1878", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230814-0002/", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202311-09", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:07:45.735Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-29406", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-07T15:39:42.813114Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-07T15:39:46.956Z"}}], "cna": {"title": "Insufficient sanitization of Host header in net/http", "credits": [{"lang": "en", "value": "Bartek Nowotarski"}], "affected": [{"vendor": "Go standard library", "product": "net/http", "versions": [{"status": "affected", "version": "0", "lessThan": "1.19.11", "versionType": "semver"}, {"status": "affected", "version": "1.20.0-0", "lessThan": "1.20.6", "versionType": "semver"}], "packageName": "net/http", "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "programRoutines": [{"name": "Request.write"}, {"name": "Client.CloseIdleConnections"}, {"name": "Client.Do"}, {"name": "Client.Get"}, {"name": "Client.Head"}, {"name": "Client.Post"}, {"name": "Client.PostForm"}, {"name": "Get"}, {"name": "Head"}, {"name": "Post"}, {"name": "PostForm"}, {"name": "Request.Write"}, {"name": "Request.WriteProxy"}, {"name": "Transport.CancelRequest"}, {"name": "Transport.CloseIdleConnections"}, {"name": "Transport.RoundTrip"}]}], "references": [{"url": "https://go.dev/issue/60374"}, {"url": "https://go.dev/cl/506996"}, {"url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0"}, {"url": "https://pkg.go.dev/vuln/GO-2023-1878"}, {"url": "https://security.netapp.com/advisory/ntap-20230814-0002/"}, {"url": "https://security.gentoo.org/glsa/202311-09"}], "descriptions": [{"lang": "en", "value": "The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')"}]}], "providerMetadata": {"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go", "dateUpdated": "2023-11-25T11:09:28.969Z"}}}, "cveMetadata": {"cveId": "CVE-2023-29406", "state": "PUBLISHED", "dateUpdated": "2025-02-13T16:49:14.579Z", "dateReserved": "2023-04-05T19:36:35.043Z", "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "datePublished": "2023-07-11T19:23:58.511Z", "assignerShortName": "Go"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "matchCriteriaId": "A12D1C04-755E-4205-8261-3A85D0AE0AB6", "versionEndExcluding": "1.19.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A77E128-E2EE-4E9A-9C4C-5F812E14EBFA", "versionEndExcluding": "1.20.6", "versionStartIncluding": "1.20.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value."}], "id": "CVE-2023-29406", "lastModified": "2024-11-21T07:56:59.913", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-11T20:15:10.643", "references": [{"source": "security@golang.org", "tags": ["Patch"], "url": "https://go.dev/cl/506996"}, {"source": "security@golang.org", "tags": ["Issue Tracking", "Patch"], "url": "https://go.dev/issue/60374"}, {"source": "security@golang.org", "tags": ["Mailing List"], "url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0"}, {"source": "security@golang.org", "tags": ["Vendor Advisory"], "url": "https://pkg.go.dev/vuln/GO-2023-1878"}, {"source": "security@golang.org", "url": "https://security.gentoo.org/glsa/202311-09"}, {"source": "security@golang.org", "url": "https://security.netapp.com/advisory/ntap-20230814-0002/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://go.dev/cl/506996"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://go.dev/issue/60374"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://pkg.go.dev/vuln/GO-2023-1878"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202311-09"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230814-0002/"}], "sourceIdentifier": "security@golang.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-436"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:6031", "cpe": "cpe:/a:redhat:cryostat:2::el8", "package": "cryostat-tech-preview/cryostat-rhel8-operator:2.3.1-11", "product_name": "Cryostat 2 on RHEL 8", "release_date": "2023-10-23T00:00:00Z"}, {"advisory": "RHSA-2024:1027", "cpe": "cpe:/a:redhat:migration_toolkit_applications:6.2::el8", "package": "mta/mta-rhel8-operator:6.2.2-3", "product_name": "MTA-6.2-RHEL-8", "release_date": "2024-02-28T00:00:00Z"}, {"advisory": "RHSA-2024:1027", "cpe": "cpe:/a:redhat:migration_toolkit_applications:6.2::el9", "package": "mta/mta-hub-rhel9:6.2.2-2", "product_name": "MTA-6.2-RHEL-9", "release_date": "2024-02-28T00:00:00Z"}, {"advisory": "RHSA-2024:1027", "cpe": "cpe:/a:redhat:migration_toolkit_applications:6.2::el9", "package": "mta/mta-operator-bundle:6.2.2-5", "product_name": "MTA-6.2-RHEL-9", "release_date": "2024-02-28T00:00:00Z"}, {"advisory": "RHSA-2024:1027", "cpe": "cpe:/a:redhat:migration_toolkit_applications:6.2::el9", "package": "mta/mta-pathfinder-rhel9:6.2.2-2", "product_name": "MTA-6.2-RHEL-9", "release_date": "2024-02-28T00:00:00Z"}, {"advisory": "RHSA-2024:1027", "cpe": "cpe:/a:redhat:migration_toolkit_applications:6.2::el9", "package": "mta/mta-ui-rhel9:6.2.2-2", "product_name": "MTA-6.2-RHEL-9", "release_date": "2024-02-28T00:00:00Z"}, {"advisory": "RHSA-2024:1027", "cpe": "cpe:/a:redhat:migration_toolkit_applications:6.2::el9", "package": "mta/mta-windup-addon-rhel9:6.2.2-3", "product_name": "MTA-6.2-RHEL-9", "release_date": "2024-02-28T00:00:00Z"}, {"advisory": "RHSA-2023:5974", "cpe": "cpe:/a:redhat:network_observ_optr:1.4.0::el9", "package": "network-observability/network-observability-rhel9-operator:v1.4.0-51", "product_name": "NETWORK-OBSERVABILITY-1.4.0-RHEL-9", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:6115", "cpe": "cpe:/a:redhat:openshift_api_data_protection:1.1::el8", "package": "oadp/oadp-velero-rhel8:1.1.7-6", "product_name": "OADP-1.1-RHEL-8", "release_date": "2023-10-25T00:00:00Z"}, {"advisory": "RHSA-2023:6298", "cpe": "cpe:/a:redhat:serverless:1.0::el8", "package": "openshift-serverless-clients-0:1.9.2-4.el8", "product_name": "Openshift Serverless 1 on RHEL 8", "release_date": "2023-11-03T00:00:00Z"}, {"advisory": "RHSA-2023:5933", "cpe": "cpe:/a:redhat:openshift_secondary_scheduler:1.1::el8", "package": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8:v1.1-37", "product_name": "OSSO-1.1-RHEL-8", "release_date": "2023-10-26T00:00:00Z"}, {"advisory": "RHSA-2024:1570", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-main-rhel8:4.4.0-17", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHBA-2024:3053", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "git-lfs-0:3.4.1-1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-22T00:00:00Z"}, {"advisory": "RHSA-2023:5721", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "go-toolset:rhel8-8080020231013004859.6b4b45d8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-10-16T00:00:00Z"}, {"advisory": "RHSA-2023:6938", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "container-tools:4.0-8090020230828093056.e7857ab1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-11-14T00:00:00Z"}, {"advisory": "RHSA-2023:6939", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "container-tools:rhel8-8090020230825121312.e7857ab1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-11-14T00:00:00Z"}, {"advisory": "RHSA-2023:7202", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "container-tools:4.0-8090020231009143402.d7b6f4b7", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-11-14T00:00:00Z"}, {"advisory": "RHBA-2024:2274", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "git-lfs-0:3.4.1-1.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}, {"advisory": "RHSA-2023:5738", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "golang-0:1.19.13-1.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-10-16T00:00:00Z"}, {"advisory": "RHSA-2023:6346", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "toolbox-0:0.0.99.4-6.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}, {"advisory": "RHSA-2023:6363", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "skopeo-2:1.13.3-1.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}, {"advisory": "RHSA-2023:6402", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "containernetworking-plugins-1:1.3.0-4.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}, {"advisory": "RHSA-2023:6473", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "buildah-1:1.31.3-1.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}, {"advisory": "RHSA-2023:6474", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "podman-2:4.6.1-5.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}, {"advisory": "RHSA-2023:6161", "cpe": "cpe:/a:redhat:rhmt:1.7::el8", "package": "rhmtc/openshift-velero-plugin-rhel8:v1.7.14-3", "product_name": "Red Hat Migration Toolkit for Containers 1.7", "release_date": "2023-10-30T00:00:00Z"}, {"advisory": "RHSA-2023:6840", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift-clients-0:4.14.0-202311031050.p0.g9b1e0d2.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-11-15T00:00:00Z"}, {"advisory": "RHSA-2024:0293", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift-0:4.14.0-202401121302.p0.ge36e183.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-01-23T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "jaeger-agent-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "jaeger-all-in-one-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "jaeger-collector-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "jaeger-es-index-cleaner-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "jaeger-es-rollover-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "jaeger-ingester-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "jaeger-operator-bundle-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "jaeger-operator-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "jaeger-query-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "opentelemetry-collector-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "opentelemetry-operator-bundle-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "opentelemetry-operator-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "tempo-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "tempo-gateway-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "tempo-gateway-opa-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "tempo-operator-bundle-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "tempo-operator-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "tempo-query-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/client-kn-rhel8:1.9.2-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/eventing-controller-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/eventing-kafka-broker-controller-rhel8:1.9.0-9", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8:1.9.0-9", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8:1.9.0-9", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/eventing-kafka-broker-receiver-rhel8:1.9.0-9", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8:1.9.0-9", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/eventing-mtbroker-filter-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/eventing-mtchannel-broker-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/eventing-mtping-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/eventing-storage-version-migration-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/eventing-webhook-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/func-utils-rhel8:1.30.2-2", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/ingress-rhel8-operator:1.30.2-3", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/knative-rhel8-operator:1.30.2-3", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/kn-cli-artifacts-rhel8:1.9.2-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/kourier-control-rhel8:1.9.0-5", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/net-istio-controller-rhel8:1.9.0-5", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/net-istio-webhook-rhel8:1.9.0-5", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/serverless-operator-bundle:1.30.2-2", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/serverless-rhel8-operator:1.30.2-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/serving-activator-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/serving-autoscaler-hpa-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/serving-autoscaler-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/serving-controller-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/serving-domain-mapping-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/serving-queue-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/serving-storage-version-migration-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/serving-webhook-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/svls-must-gather-rhel8:1.30.2-1", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1-tech-preview/eventing-istio-controller-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8:1.30.0-8", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1-tech-preview/logic-swf-builder-rhel8:1.30.0-9", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1-tech-preview/logic-swf-devmode-rhel8:1.30.0-9", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:5935", "cpe": "cpe:/a:redhat:openstack:16.2::el8", "package": "rhosp-rhel8/osp-director-agent:1.3.0-10", "product_name": "Red Hat OpenStack Platform 16.2", "release_date": "2023-10-19T00:00:00Z"}, {"advisory": "RHSA-2023:5935", "cpe": "cpe:/a:redhat:openstack:16.2::el8", "package": "rhosp-rhel8/osp-director-downloader:1.3.0-11", "product_name": "Red Hat OpenStack Platform 16.2", "release_date": "2023-10-19T00:00:00Z"}, {"advisory": "RHSA-2023:5935", "cpe": "cpe:/a:redhat:openstack:16.2::el8", "package": "rhosp-rhel8/osp-director-operator:1.3.0-9", "product_name": "Red Hat OpenStack Platform 16.2", "release_date": "2023-10-19T00:00:00Z"}, {"advisory": "RHSA-2023:5935", "cpe": "cpe:/a:redhat:openstack:16.2::el8", "package": "rhosp-rhel8/osp-director-operator-bundle:1.3.0-19", "product_name": "Red Hat OpenStack Platform 16.2", "release_date": "2023-10-19T00:00:00Z"}, {"advisory": "RHSA-2023:5965", "cpe": "cpe:/a:redhat:openstack:16.2::el8", "package": "etcd-0:3.3.23-15.el8ost", "product_name": "Red Hat OpenStack Platform 16.2", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:6818", "cpe": "cpe:/a:redhat:satellite:6.14::el8", "package": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat", "product_name": "Red Hat Satellite 6.14 for RHEL 8", "release_date": "2023-11-08T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/cephcsi-rhel9:v4.15.0-37", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2023:5541", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/logging-loki-rhel8:v2.9.2-2", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5530", "cpe": "cpe:/a:redhat:logging:5.7::el8", "package": "openshift-logging/logging-loki-rhel8:v2.9.2-1", "product_name": "RHOL-5.7-RHEL-8", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5947", "cpe": "cpe:/a:redhat:run_once_duration_override_operator:1.0::el8", "package": "run-once-duration-override-operator/run-once-duration-override-rhel8:v1.0-30", "product_name": "RODOO-1.0-RHEL-8", "release_date": "2023-10-26T00:00:00Z"}, {"advisory": "RHSA-2023:5976", "cpe": "cpe:/a:redhat:service_telemetry_framework:1.5::el8", "package": "stf/prometheus-webhook-snmp-rhel8:1.5.2-8", "product_name": "STF-1.5-RHEL-8", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5976", "cpe": "cpe:/a:redhat:service_telemetry_framework:1.5::el8", "package": "stf/service-telemetry-operator-bundle:1.5.1697612918-1", "product_name": "STF-1.5-RHEL-8", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5976", "cpe": "cpe:/a:redhat:service_telemetry_framework:1.5::el8", "package": "stf/service-telemetry-rhel8-operator:1.5.1-8", "product_name": "STF-1.5-RHEL-8", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5976", "cpe": "cpe:/a:redhat:service_telemetry_framework:1.5::el8", "package": "stf/sg-bridge-rhel8:1.5.0-18", "product_name": "STF-1.5-RHEL-8", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5976", "cpe": "cpe:/a:redhat:service_telemetry_framework:1.5::el8", "package": "stf/sg-core-rhel8:5.1.1-8", "product_name": "STF-1.5-RHEL-8", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5976", "cpe": "cpe:/a:redhat:service_telemetry_framework:1.5::el8", "package": "stf/smart-gateway-operator-bundle:5.0.1697612918-1", "product_name": "STF-1.5-RHEL-8", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5976", "cpe": "cpe:/a:redhat:service_telemetry_framework:1.5::el8", "package": "stf/smart-gateway-rhel8-operator:5.0.1-9", "product_name": "STF-1.5-RHEL-8", "release_date": "2023-10-20T00:00:00Z"}], "bugzilla": {"description": "golang: net/http: insufficient sanitization of Host header", "id": "2222167", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "status": "verified"}, "cwe": "CWE-113", "details": ["The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.", "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking."], "name": "CVE-2023-29406", "package_state": [{"cpe": "cpe:/a:redhat:cert_manager:1", "fix_state": "Not affected", "package_name": "cert-manager/cert-manager-operator-rhel9", "product_name": "cert-manager Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2", "fix_state": "Not affected", "package_name": "custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8", "product_name": "Custom Metric Autoscaler operator for Red Hat Openshift"}, {"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Affected", "package_name": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:workload_availability_node_healthcheck", "fix_state": "Not affected", "package_name": "workload-availability/node-healthcheck-rhel8-operator", "product_name": "Node HealthCheck Operator"}, {"cpe": "cpe:/a:redhat:workload_availability_nmo:5", "fix_state": "Affected", "package_name": "workload-availability/node-maintenance-rhel8-operator", "product_name": "Node Maintenance Operator"}, {"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Affected", "package_name": "helm", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Affected", "package_name": "ocp-tools-4/jenkins-rhel8", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Affected", "package_name": "openshift-pipelines-client", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Affected", "package_name": "openshift-golang-builder-container", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-operator-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "rhacm2/prometheus-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Affected", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "receptor", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:application_interconnect:1", "fix_state": "Affected", "package_name": "skupper-cli", "product_name": "Red Hat Application Interconnect 1.0"}, {"cpe": "cpe:/a:redhat:service_registry:2", "fix_state": "Affected", "package_name": "integration-service-registry-operator-container", "product_name": "Red Hat build of Apicurio Registry 2"}, {"cpe": "cpe:/a:redhat:ceph_storage:3", "fix_state": "Affected", "package_name": "golang", "product_name": "Red Hat Ceph Storage 3"}, {"cpe": "cpe:/a:redhat:ceph_storage:5", "fix_state": "Affected", "package_name": "rhceph/rhceph-5-dashboard-rhel8", "product_name": "Red Hat Ceph Storage 5"}, {"cpe": "cpe:/a:redhat:devtools:", "fix_state": "Will not fix", "package_name": "go-toolset-1.19-golang", "product_name": "Red Hat Developer Tools"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "grafana-pcp", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "osbuild-composer", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "weldr-client", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "butane", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "conmon", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "grafana-pcp", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "ignition", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "osbuild-composer", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "weldr-client", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "buildah", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "conmon", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "containernetworking-plugins", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "cri-o", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "cri-tools", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "microshift", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift-golang-builder-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "podman", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "skopeo", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "mcg", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-mm-rest-proxy-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Affected", "package_name": "devspaces/udi-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Affected", "package_name": "rhosdt/jaeger-agent-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Affected", "package_name": "openshift-gitops-kam", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_service_on_aws:1", "fix_state": "Affected", "package_name": "rosa", "product_name": "Red Hat OpenShift on AWS"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Affected", "package_name": "kubevirt", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Affected", "package_name": "openshift-golang-builder-container", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Will not fix", "package_name": "collectd-libpod-stats", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "golang-github-infrawatch-apputils", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:17.0", "fix_state": "Will not fix", "package_name": "collectd-libpod-stats", "product_name": "Red Hat OpenStack Platform 17.0"}, {"cpe": "cpe:/a:redhat:openstack:17.0", "fix_state": "Out of support scope", "package_name": "golang-github-infrawatch-apputils", "product_name": "Red Hat OpenStack Platform 17.0"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Will not fix", "package_name": "collectd-libpod-stats", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Not affected", "package_name": "golang-github-infrawatch-apputils", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Will not fix", "package_name": "collectd-libpod-stats", "product_name": "Red Hat OpenStack Platform 18.0"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Affected", "package_name": "rabbitmq-cluster-operator-container", "product_name": "Red Hat OpenStack Platform 18.0"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "golang", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "go-toolset-7-golang", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:redhat:webterminal:1", "fix_state": "Fix deferred", "package_name": "web-terminal-operator-container", "product_name": "Red Hat Web Terminal"}, {"cpe": "cpe:/a:redhat:workload_availability_self_node_remediation", "fix_state": "Affected", "package_name": "workload-availability/self-node-remediation-rhel8-operator", "product_name": "Self Node Remediation Operator"}], "public_date": "2023-07-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-29406\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29406\nhttps://groups.google.com/g/golang-announce/c/2q13H6LEEx0"], "threat_severity": "Moderate"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object