RHSA-2024:1383 (High, CVSS 9.8)

Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.15.0 security, enhancement, & bug fix update

Published
March 19, 2024
Last Modified
June 3, 2026

🔗 CVE IDs covered (31)

📋 Description

CVE-2021-35937 — rpm: TOCTOU race in checks for unsafe symlinks
CVE-2021-35938 — rpm: races with chown/chmod/capabilities calls during installation
CVE-2021-35939 — rpm: checks for unsafe symlinks are not performed for intermediary directories
CVE-2023-3462 — Hashicorp/vault: Vault's LDAP Auth Method Allows for User Enumeration
CVE-2023-5363 — openssl: Incorrect cipher key and IV length processing
CVE-2023-5954 — vault: inbound client requests can trigger a denial of service
CVE-2023-5981 — gnutls: timing side-channel in the RSA-PSK authentication
CVE-2023-7104 — sqlite: heap-buffer-overflow at sessionfuzz
CVE-2023-24532 — golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results
CVE-2023-26159 — follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()
CVE-2023-27043 — python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple
CVE-2023-28486 — sudo: Sudo does not escape control characters in log messages
CVE-2023-28487 — sudo: Sudo does not escape control characters in sudoreplay output
CVE-2023-29406 — golang: net/http: insufficient sanitization of Host header
CVE-2023-29409 — golang: crypto/tls: slow verification of certificate chains containing large RSA keys
CVE-2023-39318 — golang: html/template: improper handling of HTML-like comments within script contexts
CVE-2023-39319 — golang: html/template: improper handling of special tags within script contexts
CVE-2023-39321 — golang: crypto/tls: panic when processing post-handshake message on QUIC connections
CVE-2023-39322 — golang: crypto/tls: lack of a limit on buffered post-handshake
CVE-2023-39615 — libxml2: crafted xml can cause global buffer overflow
CVE-2023-42282 — nodejs-ip: arbitrary code execution via the isPublic() function
CVE-2023-42465 — sudo: Targeted Corruption of Register and Stack Variables
CVE-2023-43646 — get-func-name: ReDoS in chai module
CVE-2023-43804 — python-urllib3: Cookie request header isn't stripped during cross-origin redirects
CVE-2023-45803 — urllib3: Request body not stripped after redirect from 303 status changes request method to GET
CVE-2023-46218 — curl: information disclosure by exploiting a mixed case flaw
CVE-2023-48631 — css-tools: regular expression denial of service (ReDoS) when parsing CSS
CVE-2023-48795 — ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
CVE-2023-51385 — openssh: potential command injection via shell metacharacters
CVE-2024-0553 — gnutls: incomplete fix for CVE-2023-5981
CVE-2024-0567 — gnutls: rejects certificate chain with distributed trust
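A practical use of a list like the one above is reconciling it against what a container or package scanner reports for an ODF deployment: which findings this advisory fixes, and which it does not. The following is an added example, not Red Hat's code or part of the advisory. It parses the advisory's "CVE-ID — component: title" layout (including the run-together form the page uses), groups entries by component, records titles that point at an earlier CVE (such as the gnutls follow-up fix), and splits a scanner's findings into fixed-here versus not-covered. The advisory excerpt and the scanner findings embedded in it are constructed sample data; the excerpt deliberately carries only five of the advisory's 31 entries.

```python
"""Reconcile scanner CVE findings against an RHSA's CVE list.

Added example, not part of RHSA-2024:1383 or of any Red Hat tooling.
ADVISORY_TEXT is a constructed excerpt in the page's own
"CVE-ID — component: title" format; SCANNER_FINDINGS is constructed data.
"""
import re
from collections import defaultdict

# Constructed excerpt: five of the advisory's entries, run together on one
# line exactly as the page lays them out. The entry for CVE-2023-5981 that
# the full advisory contains is intentionally left out (see reconcile()).
ADVISORY_TEXT = (
    "CVE-2023-5363 — openssl: Incorrect cipher key and IV length processing "
    "CVE-2023-29406 — golang: net/http: insufficient sanitization of Host header "
    "CVE-2023-29409 — golang: crypto/tls: slow verification of certificate "
    "chains containing large RSA keys "
    "CVE-2023-42282 — nodejs-ip: arbitrary code execution via the isPublic() function "
    "CVE-2024-0553 — gnutls: incomplete fix for CVE-2023-5981"
)

# Constructed scanner output. Scanners differ in ID case, hence the lower-case one.
SCANNER_FINDINGS = ["cve-2023-29406", "CVE-2023-42282", "CVE-2023-5981"]

CVE_ID_RE = re.compile(r"CVE-\d{4}-\d{4,}")

# An entry is "<CVE-ID> — <component>: <title>". The title runs (non-greedily)
# until the next "<CVE-ID> —" start or end of text; the lookahead requires the
# separator, so a CVE ID mentioned inside a title ("incomplete fix for
# CVE-2023-5981") is kept as part of that title rather than starting an entry.
ENTRY_RE = re.compile(
    r"(?P<id>CVE-\d{4}-\d{4,})\s+—\s+(?P<component>[^:]+):\s+"
    r"(?P<title>.*?)(?=\s+CVE-\d{4}-\d{4,}\s+—|\Z)",
    re.S,
)


def parse_advisory(text):
    """Return [(cve_id, component, title), ...] in page order.

    Whitespace inside titles is normalised so entries split across lines
    (as CVE-2023-43804 is on the page) parse the same as single-line ones.
    """
    return [
        (m["id"], m["component"].strip(), " ".join(m["title"].split()))
        for m in ENTRY_RE.finditer(text)
    ]


def by_component(entries):
    """Group CVE IDs by the component prefix of their title."""
    groups = defaultdict(list)
    for cve, component, _ in entries:
        groups[component].append(cve)
    return dict(groups)


def related_cves(entries):
    """Map entries whose title cites another CVE to the cited IDs.

    Useful for spotting follow-up fixes: if a scanner flags the older ID,
    the newer entry is the one that actually closes it.
    """
    return {
        cve: CVE_ID_RE.findall(title)
        for cve, _, title in entries
        if CVE_ID_RE.search(title)
    }


def reconcile(advisory_cves, scanner_findings):
    """Split scanner findings into (fixed_by_advisory, not_covered).

    Comparison is case-insensitive on the CVE ID. With the constructed
    excerpt, CVE-2023-5981 lands in not_covered because the excerpt lacks
    its entry; against the full 31-entry list it would be in fixed.
    """
    fixed = {c.upper() for c in advisory_cves}
    found = {c.upper() for c in scanner_findings}
    return sorted(found & fixed), sorted(found - fixed)


def check_count(entries, expected):
    """True when the parsed entry count matches the count the page states."""
    return len(entries) == expected


if __name__ == "__main__":
    entries = parse_advisory(ADVISORY_TEXT)
    print("parsed entries:", len(entries), "(page excerpt, not the full 31)")
    print("by component:", by_component(entries))
    print("follow-up fixes:", related_cves(entries))
    fixed, not_covered = reconcile([e[0] for e in entries], SCANNER_FINDINGS)
    print("fixed by this advisory:", fixed)
    print("not covered here:", not_covered)
```

Run against the full description text, check_count(entries, 31) is the sanity check that the parser picked up every entry the page counts; a mismatch usually means an entry lacks the "component:" prefix and needs the regex relaxed rather than the finding ignored.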

🔗 References (160)