Show plain JSON{"affected_release": [{"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "acm-governance-policy-addon-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "acm-grafana-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "acm-must-gather-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "acm-operator-bundle-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "acm-prometheus-config-reloader-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "acm-prometheus-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "acm-volsync-addon-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "cert-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "cluster-backup-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "config-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "console-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "endpoint-monitoring-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "governance-policy-propagator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "governance-policy-spec-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "governance-policy-status-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "governance-policy-template-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "grafana-dashboard-loader-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "iam-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "insights-client-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "insights-metrics-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "klusterlet-addon-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "kube-rbac-proxy-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "kube-state-metrics-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "management-ingress-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "memcached-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "memcached-exporter-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "metrics-collector-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "multicloud-integrations-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "multiclusterhub-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "multiclusterhub-repo-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "multicluster-observability-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "multicluster-operators-application-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "multicluster-operators-channel-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "multicluster-operators-subscription-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "node-exporter-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "observatorium-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "observatorium-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "prometheus-alertmanager-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "prometheus-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "rbac-query-proxy-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "redisgraph-tls-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "search-aggregator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "search-api-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "search-collector-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "search-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "submariner-addon-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "thanos-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "thanos-receive-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2025:0595", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "redis:6-8100020250113083959.489197e6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-01-22T00:00:00Z"}], "bugzilla": {"description": "redis: Insufficient validation of HINCRBYFLOAT command", "id": "2187525", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187525"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-20", "details": ["Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue.", "A vulnerability was found in Redis. This flaw allows authenticated users to use the HINCRBYFLOAT command to create an invalid hash field that may crash Redis on access."], "name": "CVE-2023-28856", "package_state": [{"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Not affected", "package_name": "3scale-amp-backend-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "rhacm2/search-api-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform", "fix_state": "Not affected", "package_name": "ansible-tower", "product_name": "Red Hat Ansible Automation Platform 1.2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "redis", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "redis", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Out of support scope", "package_name": "redis", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "satellite:el8/rubygem-gitlab-sidekiq-fetcher", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-redis6-redis", "product_name": "Red Hat Software Collections"}], "public_date": "2023-04-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-28856\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-28856\nhttps://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6"], "threat_severity": "Moderate"}