VIR Vulnerability Intelligence Relay

CVE-2024-24783

medium
Published 2024-04-30 ยท Modified 2024-09-24
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
5.5

Description

RHSA-2024:6969: container-tools:rhel8 security update (Moderate)

Predictions

Exploit likelihood
20%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata โ€” Red Hat Inc. ยท View original โ†— ยท Open-Errata-API

Description golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm Red Hat statement Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. CVSS v3: 5.9โ€ฆ

Workaround

for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Description

golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

Red Hat statement

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

CVSS v3: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)

Errata / fixed releases

ProductPackageAdvisoryReleased
Builds for Red Hat OpenShiftopenshift-builds-waiters-containerRHSA-2024:62212024-09-03T00:00:00Z
Cryostat 2 on RHEL 8cryostat-tech-preview/cryostat-grafana-dashboard-rhel8:2.4.0-7RHSA-2024:20882024-04-29T00:00:00Z
Cryostat 2 on RHEL 8cryostat-tech-preview/cryostat-operator-bundle:2.4.0-4RHSA-2024:20882024-04-29T00:00:00Z
Cryostat 2 on RHEL 8cryostat-tech-preview/cryostat-reports-rhel8:2.4.0-4RHSA-2024:20882024-04-29T00:00:00Z
Cryostat 2 on RHEL 8cryostat-tech-preview/cryostat-rhel8:2.4.0-4RHSA-2024:20882024-04-29T00:00:00Z
Cryostat 2 on RHEL 8cryostat-tech-preview/cryostat-rhel8-operator:2.4.0-9RHSA-2024:20882024-04-29T00:00:00Z
Cryostat 2 on RHEL 8cryostat-tech-preview/jfr-datasource-rhel8:2.4.0-4RHSA-2024:20882024-04-29T00:00:00Z
KDO-5.0-RHEL-9kube-descheduler-operator/descheduler-rhel9:v5.0-31RHSA-2024:36172024-07-01T00:00:00Z
KDO-5.0-RHEL-9kube-descheduler-operator/kube-descheduler-operator-bundle:v5.0-23RHSA-2024:36172024-07-01T00:00:00Z
KDO-5.0-RHEL-9kube-descheduler-operator/kube-descheduler-rhel9-operator:v5.0-28RHSA-2024:36172024-07-01T00:00:00Z
NETWORK-OBSERVABILITY-1.6.0-RHEL-9network-observability/network-observability-cli-rhel9:v1.6.0-66RHSA-2024:38682024-06-17T00:00:00Z
NETWORK-OBSERVABILITY-1.6.0-RHEL-9network-observability/network-observability-console-plugin-rhel9:v1.6.0-66RHSA-2024:38682024-06-17T00:00:00Z
NETWORK-OBSERVABILITY-1.6.0-RHEL-9network-observability/network-observability-ebpf-agent-rhel9:v1.6.0-66RHSA-2024:38682024-06-17T00:00:00Z
NETWORK-OBSERVABILITY-1.6.0-RHEL-9network-observability/network-observability-flowlogs-pipeline-rhel9:v1.6.0-66RHSA-2024:38682024-06-17T00:00:00Z
NETWORK-OBSERVABILITY-1.6.0-RHEL-9network-observability/network-observability-operator-bundle:1.6.0-78RHSA-2024:38682024-06-17T00:00:00Z
NETWORK-OBSERVABILITY-1.6.0-RHEL-9network-observability/network-observability-rhel9-operator:v1.6.0-66RHSA-2024:38682024-06-17T00:00:00Z
OADP-1.3-RHEL-9oadp/oadp-velero-rhel9:1.3.2-9RHSA-2024:37902024-06-11T00:00:00Z
OpenShift Custom Metrics Autoscaler 2custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8:2.12.1-394RHSA-2024:29012024-05-23T00:00:00Z
OpenShift Custom Metrics Autoscaler 2custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8:2.12.1-394RHSA-2024:29012024-05-23T00:00:00Z
OpenShift Custom Metrics Autoscaler 2custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle:2.12.1-394RHSA-2024:29012024-05-23T00:00:00Z
OpenShift Custom Metrics Autoscaler 2custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8:2.12.1-394RHSA-2024:29012024-05-23T00:00:00Z
OpenShift Custom Metrics Autoscaler 2custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator:2.12.1-394RHSA-2024:29012024-05-23T00:00:00Z
Openshift Serverless 1 on RHEL 8openshift-serverless-clients-0:1.12.0-7.el8RHSA-2024:40232024-06-20T00:00:00Z
OSSO-1.3-RHEL-9openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle:v1.3-12RHSA-2024:36372024-07-01T00:00:00Z
OSSO-1.3-RHEL-9openshift-secondary-scheduler-operator/secondary-scheduler-rhel9-operator:v1.3-12RHSA-2024:36372024-07-01T00:00:00Z
Red Hat Advanced Cluster Security 4.4advanced-cluster-security/rhacs-central-db-rhel8:4.4.2-4RHSA-2024:29412024-05-21T00:00:00Z
Red Hat Advanced Cluster Security 4.4advanced-cluster-security/rhacs-collector-rhel8:4.4.2-4RHSA-2024:29412024-05-21T00:00:00Z
Red Hat Advanced Cluster Security 4.4advanced-cluster-security/rhacs-collector-slim-rhel8:4.4.2-4RHSA-2024:29412024-05-21T00:00:00Z
Red Hat Advanced Cluster Security 4.4advanced-cluster-security/rhacs-main-rhel8:4.4.2-6RHSA-2024:29412024-05-21T00:00:00Z
Red Hat Advanced Cluster Security 4.4advanced-cluster-security/rhacs-operator-bundle:4.4.2-6RHSA-2024:29412024-05-21T00:00:00Z
Red Hat Advanced Cluster Security 4.4advanced-cluster-security/rhacs-rhel8-operator:4.4.2-4RHSA-2024:29412024-05-21T00:00:00Z
Red Hat Advanced Cluster Security 4.4advanced-cluster-security/rhacs-roxctl-rhel8:4.4.2-4RHSA-2024:29412024-05-21T00:00:00Z
Red Hat Advanced Cluster Security 4.4advanced-cluster-security/rhacs-scanner-db-rhel8:4.4.2-4RHSA-2024:29412024-05-21T00:00:00Z
Red Hat Advanced Cluster Security 4.4advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.4.2-4RHSA-2024:29412024-05-21T00:00:00Z
Red Hat Advanced Cluster Security 4.4advanced-cluster-security/rhacs-scanner-rhel8:4.4.2-4RHSA-2024:29412024-05-21T00:00:00Z
Red Hat Advanced Cluster Security 4.4advanced-cluster-security/rhacs-scanner-slim-rhel8:4.4.2-4RHSA-2024:29412024-05-21T00:00:00Z
Red Hat Advanced Cluster Security 4.4advanced-cluster-security/rhacs-scanner-v4-db-rhel8:4.4.2-4RHSA-2024:29412024-05-21T00:00:00Z
Red Hat Advanced Cluster Security 4.4advanced-cluster-security/rhacs-scanner-v4-rhel8:4.4.2-6RHSA-2024:29412024-05-21T00:00:00Z
Red Hat Ansible Automation Platform 2.4 for RHEL 8receptor-0:1.4.8-1.el8apRHSA-2024:37812024-06-10T00:00:00Z
Red Hat Ansible Automation Platform 2.4 for RHEL 9receptor-0:1.4.8-1.el9apRHSA-2024:37812024-06-10T00:00:00Z
Red Hat Ceph Storage 8.1rhceph/grafana-rhel9:11.5.2-6RHSA-2025:97762025-06-26T00:00:00Z
Red Hat Ceph Storage 8.1rhceph/keepalived-rhel9:2.2.8-65RHSA-2025:97762025-06-26T00:00:00Z
Red Hat Ceph Storage 8.1rhceph/oauth2-proxy-rhel9:v7.6.0-27RHSA-2025:97762025-06-26T00:00:00Z
Red Hat Ceph Storage 8.1rhceph/rhceph-8-rhel9:8-492RHSA-2025:97762025-06-26T00:00:00Z
Red Hat Ceph Storage 8.1rhceph/rhceph-haproxy-rhel9:2.4.22-67RHSA-2025:97762025-06-26T00:00:00Z
Red Hat Ceph Storage 8.1rhceph/rhceph-promtail-rhel9:v3.0.0-34RHSA-2025:97762025-06-26T00:00:00Z
Red Hat Ceph Storage 8.1rhceph/snmp-notifier-rhel9:1.2.1-115RHSA-2025:97762025-06-26T00:00:00Z
Red Hat Enterprise Linux 7 Extended Lifecycle Supportrhc-worker-script-0:0.9-5.el7_9RHSA-2024:48932024-07-29T00:00:00Z
Red Hat Enterprise Linux 8go-toolset:rhel8-8100020240412145753.a3795deeRHSA-2024:32592024-05-22T00:00:00Z
Red Hat Enterprise Linux 8git-lfs-0:3.4.1-2.el8_10RHSA-2024:33462024-05-23T00:00:00Z
Red Hat Enterprise Linux 8container-tools:rhel8-8100020240808093819.afee755dRHSA-2024:52582024-08-13T00:00:00Z
Red Hat Enterprise Linux 8container-tools:rhel8-8100020240913121423.afee755dRHSA-2024:69692024-09-24T00:00:00Z
Red Hat Enterprise Linux 9golang-0:1.21.9-2.el9_4RHSA-2024:25622024-04-30T00:00:00Z
Red Hat Enterprise Linux 9git-lfs-0:3.4.1-2.el9_4RHSA-2024:27242024-05-07T00:00:00Z
Red Hat Enterprise Linux 9containernetworking-plugins-1:1.4.0-5.el9_4RHSA-2024:61862024-09-03T00:00:00Z
Red Hat Enterprise Linux 9gvisor-tap-vsock-6:0.7.3-5.el9_4RHSA-2024:61872024-09-03T00:00:00Z
Red Hat Enterprise Linux 9runc-4:1.1.12-4.el9_4RHSA-2024:61882024-09-03T00:00:00Z
Red Hat Enterprise Linux 9buildah-2:1.33.7-4.el9_4RHSA-2024:61892024-09-03T00:00:00Z
Red Hat Enterprise Linux 9podman-4:4.9.4-10.el9_4RHSA-2024:61942024-09-03T00:00:00Z
Red Hat Enterprise Linux 9skopeo-2:1.14.5-1.el9_4RHSA-2024:61952024-09-03T00:00:00Z

Package state

ProductPackageState
cert-manager Operator for Red Hat OpenShiftcert-manager/cert-manager-operator-rhel9Not affected
Cost Management Metrics Operatorcostmanagement-metrics-operator-containerAffected
Fence Agents Remediation Operatorworkload-availability/fence-agents-remediation-rhel8-operatorWill not fix
Logical Volume Manager Storagelvms4/topolvm-rhel9Affected
Machine Deletion Remediation Operatorworkload-availability/machine-deletion-remediation-rhel8-operatorAffected
Migration Toolkit for Applications 6mta/mta-hub-rhel8Will not fix
Migration Toolkit for Applications 7mta/mta-cli-rhel9Not affected
Migration Toolkit for Virtualizationmigration-toolkit-virtualization/mtv-api-rhel9Affected
mirror registry for Red Hat OpenShiftmirror-registry-containerAffected
Multicluster Engine for Kubernetesmulticluster-engine/hive-rhel8Will not fix
NBDE Tang Servertang-operator-containerWill not fix
Node HealthCheck Operatorworkload-availability/node-healthcheck-rhel8-operatorWill not fix
Node Maintenance Operatorworkload-availability/node-maintenance-rhel8-operatorWill not fix
OpenShift Developer Tools and ServiceshelmWill not fix
OpenShift Developer Tools and Servicesocp-tools-4/jenkins-rhel8Affected
OpenShift Pipelinesopenshift-pipelines-clientAffected
OpenShift Source-to-Image (S2I)source-to-image-containerAffected
Power monitoring for Red Hat OpenShiftkepler-containerAffected
Red Hat 3scale API Management Platform 23scale-operator-containerAffected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/subctl-rhel9Affected
Red Hat Advanced Cluster Security 3advanced-cluster-security/rhacs-main-rhel8Out of support scope
Red Hat Ansible Automation Platform 2aap-cloud-ui-containerWill not fix
Red Hat Ceph Storage 5rhceph/rhceph-5-dashboard-rhel8Out of support scope
Red Hat Ceph Storage 6rhceph/rhceph-6-dashboard-rhel9Will not fix
Red Hat Ceph Storage 7rhceph/grafana-rhel9Affected
Red Hat Certification for Red Hat Enterprise Linux 8redhat-certification-preflightWill not fix
Red Hat Certification Program for Red Hat Enterprise Linux 9redhat-certification-preflightWill not fix
Red Hat Enterprise Linux 8container-tools:4.0/buildahNot affected
Red Hat Enterprise Linux 8container-tools:4.0/conmonNot affected
Red Hat Enterprise Linux 8container-tools:4.0/containernetworking-pluginsNot affected
Red Hat Enterprise Linux 8container-tools:4.0/podmanNot affected
Red Hat Enterprise Linux 8container-tools:4.0/runcNot affected
Red Hat Enterprise Linux 8container-tools:4.0/skopeoNot affected
Red Hat Enterprise Linux 8container-tools:4.0/toolboxWill not fix
Red Hat Enterprise Linux 8grafanaAffected
Red Hat Enterprise Linux 8grafana-pcpNot affected
Red Hat Enterprise Linux 8osbuild-composerWill not fix
Red Hat Enterprise Linux 8weldr-clientWill not fix
Red Hat Enterprise Linux 9butaneWill not fix
Red Hat Enterprise Linux 9conmonNot affected
Red Hat Enterprise Linux 9grafanaAffected
Red Hat Enterprise Linux 9grafana-pcpNot affected
Red Hat Enterprise Linux 9ignitionWill not fix
Red Hat Enterprise Linux 9osbuild-composerWill not fix
Red Hat Enterprise Linux 9toolboxNot affected
Red Hat Enterprise Linux 9weldr-clientWill not fix
Red Hat OpenShift Container Platform 4butaneWill not fix
Red Hat OpenShift Container Platform 4ignitionWill not fix
Red Hat OpenShift Container Platform 4openshift-golang-builder-containerAffected
Red Hat OpenShift Dev Spacesdevspaces/udi-rhel8Affected
Red Hat OpenShift distributed tracing 2rhosdt/tempo-rhel8Affected
Red Hat OpenShift GitOpsopenshift-gitops-1/gitops-rhel8Will not fix
Red Hat OpenShift on AWSrosaWill not fix
Red Hat Openshift Sandboxed Containersopenshift-sandboxed-containers/osc-rhel9-operatorAffected
Red Hat OpenShift Virtualization 4kubevirtAffected
Red Hat OpenShift Virtualization 4openshift-golang-builder-containerAffected
Red Hat OpenStack Platform 16.2etcdWill not fix
Red Hat OpenStack Platform 16.2golang-github-infrawatch-apputilsWill not fix
Red Hat OpenStack Platform 16.2rhosp-rhel8/osp-director-agentWill not fix
Red Hat OpenStack Platform 17.1etcdWill not fix

Apply commands

bash fix
Apply RHSA-2024:6221 for Builds for Red Hat OpenShift
yum update -y openshift-builds-waiters-container
# or:
dnf upgrade -y openshift-builds-waiters-container

Affected

VendorProductVersion
redhatcert-manager Operator for Red Hat OpenShiftNot affected
redhatCost Management Metrics OperatorAffected
redhatLogical Volume Manager StorageAffected
redhatMachine Deletion Remediation OperatorAffected
redhatMigration Toolkit for Applications 7Not affected
redhatMigration Toolkit for VirtualizationAffected
redhatmirror registry for Red Hat OpenShiftAffected
redhatOpenShift Developer Tools and ServicesAffected
redhatOpenShift PipelinesAffected
redhatOpenShift Source-to-Image (S2I)Affected
redhatPower monitoring for Red Hat OpenShiftAffected
redhatRed Hat 3scale API Management Platform 2Affected
redhatRed Hat Advanced Cluster Management for Kubernetes 2Affected
redhatRed Hat Ceph Storage 7Affected
redhatRed Hat Enterprise Linux 8Not affected
redhatRed Hat Enterprise Linux 8Not affected
redhatRed Hat Enterprise Linux 8Not affected
redhatRed Hat Enterprise Linux 8Not affected
redhatRed Hat Enterprise Linux 8Not affected
redhatRed Hat Enterprise Linux 8Not affected
redhatRed Hat Enterprise Linux 8Affected
redhatRed Hat Enterprise Linux 8Not affected
redhatRed Hat Enterprise Linux 9Not affected
redhatRed Hat Enterprise Linux 9Affected
redhatRed Hat Enterprise Linux 9Not affected
redhatRed Hat Enterprise Linux 9Not affected
redhatRed Hat OpenShift Container Platform 4Affected
redhatRed Hat OpenShift Dev SpacesAffected
redhatRed Hat OpenShift distributed tracing 2Affected
redhatRed Hat Openshift Sandboxed ContainersAffected

OS impact
debian Debian Affected 2 releases
VersionStatusFixed in
bullseye Affected โ€”
bookworm Affected โ€”
suse SUSE Affected 1 release
VersionStatusFixed in
โ€” Affected โ€”
almalinux AlmaLinux Fixed 1 release
VersionStatusFixed in
9 Fixed go-toolset-1.21.9-2.el9_4.aarch64.rpm
redhat Red Hat Fixed 2 releases
VersionStatusFixed in
9 Fixed โ€”
8 Fixed โ€”
rockylinux Rocky Linux Fixed 2 releases
VersionStatusFixed in
9 Fixed โ€”
8 Fixed โ€”

Package impact
EcosystemPackageVulnerableFixed
golang Gostdlib>=1.22.0-0,<1.22.11.21.8

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.