CVE-2023-44270 - Vulnerability Details

An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being included in a comment.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Postcss	Postcss
Redhat	Discovery Openshift Openshift Data Foundation Openshift Devspaces Openshift Gitops Service Mesh

Configuration 1 [-]

cpe:2.3:a:postcss:postcss:*:*:*:*:*:node.js:*:*

Package	CPE	Advisory	Released Date
Discovery 1 for RHEL 9
discovery/discovery-server-rhel9:1.12.0-1	cpe:/o:redhat:discovery:1.0::el9	RHSA-2025:1249	2025-02-10T00:00:00Z
discovery/discovery-ui-rhel9:1.12.0-1	cpe:/o:redhat:discovery:1.0::el9	RHSA-2025:1249	2025-02-10T00:00:00Z
Red Hat OpenShift Container Platform 4.17
openshift4/nmstate-console-plugin-rhel9:v4.17.0-202411261204.p0.gbc40e56.assembly.stream.el9	cpe:/a:redhat:openshift:4.17::el9	RHSA-2024:10517	2024-12-03T00:00:00Z
openshift4/ose-networking-console-plugin-rhel9:v4.17.0-202501150934.p0.g0244dff.assembly.stream.el9	cpe:/a:redhat:openshift:4.17::el9	RHSA-2025:0654	2025-01-28T00:00:00Z
Red Hat OpenShift Dev Spaces 3 Containers
devspaces/code-rhel9:3.18-6	cpe:/a:redhat:openshift_devspaces:3::el9	RHSA-2025:0892	2025-02-03T00:00:00Z
devspaces/dashboard-rhel9:3.18-10	cpe:/a:redhat:openshift_devspaces:3::el9	RHSA-2025:0892	2025-02-03T00:00:00Z
Red Hat OpenShift GitOps 1.14
openshift-gitops-argocd-container-v1.14.3-4	cpe:/a:redhat:openshift_gitops:1.14::el8	RHSA-2025:3069	2025-03-20T00:00:00Z
openshift-gitops-argocd-rhel9-container-v1.14.3-1	cpe:/a:redhat:openshift_gitops:1.14::el8	RHSA-2025:3069	2025-03-20T00:00:00Z
openshift-gitops-argo-rollouts-container-v1.14.3-4	cpe:/a:redhat:openshift_gitops:1.14::el8	RHSA-2025:3069	2025-03-20T00:00:00Z
openshift-gitops-console-plugin-container-v1.14.3-4	cpe:/a:redhat:openshift_gitops:1.14::el8	RHSA-2025:3069	2025-03-20T00:00:00Z
openshift-gitops-container-v1.14.3-4	cpe:/a:redhat:openshift_gitops:1.14::el8	RHSA-2025:3069	2025-03-20T00:00:00Z
openshift-gitops-dex-container-v1.14.3-4	cpe:/a:redhat:openshift_gitops:1.14::el8	RHSA-2025:3069	2025-03-20T00:00:00Z
openshift-gitops-kam-delivery-container-v1.14.3-4	cpe:/a:redhat:openshift_gitops:1.14::el8	RHSA-2025:3069	2025-03-20T00:00:00Z
openshift-gitops-must-gather-container-v1.14.3-4	cpe:/a:redhat:openshift_gitops:1.14::el8	RHSA-2025:3069	2025-03-20T00:00:00Z
openshift-gitops-operator-bundle-container-v1.14.3-4	cpe:/a:redhat:openshift_gitops:1.14::el8	RHSA-2025:3069	2025-03-20T00:00:00Z
openshift-gitops-operator-container-v1.14.3-4	cpe:/a:redhat:openshift_gitops:1.14::el8	RHSA-2025:3069	2025-03-20T00:00:00Z
Red Hat OpenShift Service Mesh 2.5 for RHEL 8
openshift-service-mesh/kiali-rhel8:1.73.17-1	cpe:/a:redhat:service_mesh:2.5::el8	RHSA-2024:10908	2024-12-10T00:00:00Z
RHODF-4.14-RHEL-9
odf4/ocs-client-console-rhel9:v4.14.16-2	cpe:/a:redhat:openshift_data_foundation:4.14::el9	RHSA-2025:1866	2025-02-26T00:00:00Z
odf4/odf-console-rhel9:v4.14.16-1	cpe:/a:redhat:openshift_data_foundation:4.14::el9	RHSA-2025:1866	2025-02-26T00:00:00Z
odf4/odf-multicluster-console-rhel9:v4.14.16-2	cpe:/a:redhat:openshift_data_foundation:4.14::el9	RHSA-2025:1866	2025-02-26T00:00:00Z
RHODF-4.15-RHEL-9
odf4/ocs-client-console-rhel9:v4.15.12-1	cpe:/a:redhat:openshift_data_foundation:4.15::el9	RHSA-2025:1865	2025-02-26T00:00:00Z
odf4/odf-console-rhel9:v4.15.12-1	cpe:/a:redhat:openshift_data_foundation:4.15::el9	RHSA-2025:1865	2025-02-26T00:00:00Z
odf4/odf-multicluster-console-rhel9:v4.15.12-1	cpe:/a:redhat:openshift_data_foundation:4.15::el9	RHSA-2025:1865	2025-02-26T00:00:00Z
RHODF-4.16-RHEL-9
odf4/ocs-client-console-rhel9:v4.16.8-1	cpe:/a:redhat:openshift_data_foundation:4.16::el9	RHSA-2025:1829	2025-02-25T00:00:00Z
odf4/odf-console-rhel9:v4.16.8-1	cpe:/a:redhat:openshift_data_foundation:4.16::el9	RHSA-2025:1829	2025-02-25T00:00:00Z
odf4/odf-multicluster-console-rhel9:v4.16.8-1	cpe:/a:redhat:openshift_data_foundation:4.16::el9	RHSA-2025:1829	2025-02-25T00:00:00Z
RHODF-4.17-RHEL-9
odf4/ocs-client-console-rhel9:v4.17.5-1	cpe:/a:redhat:openshift_data_foundation:4.17::el9	RHSA-2025:1824	2025-02-25T00:00:00Z
odf4/odf-console-rhel9:v4.17.5-1	cpe:/a:redhat:openshift_data_foundation:4.17::el9	RHSA-2025:1824	2025-02-25T00:00:00Z
odf4/odf-multicluster-console-rhel9:v4.17.5-2	cpe:/a:redhat:openshift_data_foundation:4.17::el9	RHSA-2025:1824	2025-02-25T00:00:00Z
RHODF-4.18-RHEL-9
odf4/ocs-client-console-rhel9:v4.18.0-65	cpe:/a:redhat:openshift_data_foundation:4.18::el9	RHSA-2025:2652	2025-03-11T00:00:00Z
odf4/odf-console-rhel9:v4.18.0-65	cpe:/a:redhat:openshift_data_foundation:4.18::el9	RHSA-2025:2652	2025-03-11T00:00:00Z
odf4/odf-multicluster-console-rhel9:v4.18.0-64	cpe:/a:redhat:openshift_data_foundation:4.18::el9	RHSA-2025:2652	2025-03-11T00:00:00Z

References

Link	Providers
https://github.com/github/advisory-database/issues/2820
https://github.com/postcss/postcss/blob/main/lib/tokenize.js#L25
https://github.com/postcss/postcss/commit/58cc860b4c1707510c9cd1bc1fa30b423a9ad6c5
https://github.com/postcss/postcss/releases/tag/8.4.31
https://nvd.nist.gov/vuln/detail/CVE-2023-44270
https://www.cve.org/CVERecord?id=CVE-2023-44270

History

Thu, 20 Mar 2025 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat openshift Gitops
CPEs		cpe:/a:redhat:openshift_gitops:1.14::el8
Vendors & Products		Redhat openshift Gitops

Wed, 12 Mar 2025 06:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift_data_foundation:4.18::el9

Wed, 26 Feb 2025 14:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift_data_foundation:4.14::el9 cpe:/a:redhat:openshift_data_foundation:4.15::el9

Tue, 25 Feb 2025 14:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat openshift Data Foundation
CPEs		cpe:/a:redhat:openshift_data_foundation:4.16::el9 cpe:/a:redhat:openshift_data_foundation:4.17::el9
Vendors & Products		Redhat openshift Data Foundation

Thu, 13 Feb 2025 00:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat discovery Redhat openshift Devspaces
CPEs		cpe:/a:redhat:openshift_devspaces:3::el9 cpe:/o:redhat:discovery:1.0::el9
Vendors & Products		Redhat discovery Redhat openshift Devspaces

Tue, 10 Dec 2024 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat service Mesh
CPEs		cpe:/a:redhat:service_mesh:2.5::el8
Vendors & Products		Redhat service Mesh

Wed, 04 Dec 2024 02:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat openshift
CPEs		cpe:/a:redhat:openshift:4.17::el9
Vendors & Products		Redhat Redhat openshift

Fri, 22 Nov 2024 15:30:00 +0000

Type	Values Removed	Values Added
Title		PostCSS: Improper input validation in PostCSS
Weaknesses		CWE-93
References		https://nvd.nist.gov/vuln/detail/CVE-2023-44270 https://www.cve.org/CVERecord?id=CVE-2023-44270
Metrics	threat_severity `None`	threat_severity `Moderate`

Mon, 23 Sep 2024 17:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-09-29T00:00:00

Updated: 2024-09-23T16:38:49.069Z

Reserved: 2023-09-28T00:00:00

Link: CVE-2023-44270

Vulnrichment

Updated: 2024-08-02T19:59:51.937Z

NVD

Status : Modified

Published: 2023-09-29T22:15:11.867

Modified: 2024-11-21T08:25:33.443

Link: CVE-2023-44270

Redhat

Severity : Moderate

Publid Date: 2023-09-29T00:00:00Z

Links: CVE-2023-44270 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-44270", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-09-23T16:38:49.069Z", "dateReserved": "2023-09-28T00:00:00", "datePublished": "2023-09-29T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-10-10T12:48:52.698160"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being included in a comment."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/postcss/postcss/blob/main/lib/tokenize.js#L25"}, {"url": "https://github.com/postcss/postcss/releases/tag/8.4.31"}, {"url": "https://github.com/postcss/postcss/commit/58cc860b4c1707510c9cd1bc1fa30b423a9ad6c5"}, {"url": "https://github.com/github/advisory-database/issues/2820"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:59:51.937Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/postcss/postcss/blob/main/lib/tokenize.js#L25", "tags": ["x_transferred"]}, {"url": "https://github.com/postcss/postcss/releases/tag/8.4.31", "tags": ["x_transferred"]}, {"url": "https://github.com/postcss/postcss/commit/58cc860b4c1707510c9cd1bc1fa30b423a9ad6c5", "tags": ["x_transferred"]}, {"url": "https://github.com/github/advisory-database/issues/2820", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-23T16:38:23.948037Z", "id": "CVE-2023-44270", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-23T16:38:49.069Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/postcss/postcss/blob/main/lib/tokenize.js#L25", "tags": ["x_transferred"]}, {"url": "https://github.com/postcss/postcss/releases/tag/8.4.31", "tags": ["x_transferred"]}, {"url": "https://github.com/postcss/postcss/commit/58cc860b4c1707510c9cd1bc1fa30b423a9ad6c5", "tags": ["x_transferred"]}, {"url": "https://github.com/github/advisory-database/issues/2820", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:59:51.937Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-44270", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-23T16:38:23.948037Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-23T16:38:38.654Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/postcss/postcss/blob/main/lib/tokenize.js#L25"}, {"url": "https://github.com/postcss/postcss/releases/tag/8.4.31"}, {"url": "https://github.com/postcss/postcss/commit/58cc860b4c1707510c9cd1bc1fa30b423a9ad6c5"}, {"url": "https://github.com/github/advisory-database/issues/2820"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being included in a comment."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-10-10T12:48:52.698160"}}}, "cveMetadata": {"cveId": "CVE-2023-44270", "state": "PUBLISHED", "dateUpdated": "2024-09-23T16:38:49.069Z", "dateReserved": "2023-09-28T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-09-29T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:postcss:postcss:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "FB38A6C8-B41F-41C9-9093-E46BAC3B54CB", "versionEndExcluding": "8.4.31", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being included in a comment."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en PostCSS antes de la versi\u00f3n 8.4.31. La vulnerabilidad afecta a los linters que utilizan PostCSS para analizar CSS externos que no son de confianza. Un atacante puede preparar CSS de tal manera que contenga partes analizadas por PostCSS como un comentario CSS. Despu\u00e9s del procesamiento por PostCSS, se incluir\u00e1 en la salida de PostCSS en los nodos CSS (reglas, propiedades) a pesar de estar incluido en un comentario."}], "id": "CVE-2023-44270", "lastModified": "2024-11-21T08:25:33.443", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-29T22:15:11.867", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://github.com/github/advisory-database/issues/2820"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://github.com/postcss/postcss/blob/main/lib/tokenize.js#L25"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/postcss/postcss/commit/58cc860b4c1707510c9cd1bc1fa30b423a9ad6c5"}, {"source": "cve@mitre.org", "tags": ["Patch", "Release Notes"], "url": "https://github.com/postcss/postcss/releases/tag/8.4.31"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://github.com/github/advisory-database/issues/2820"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://github.com/postcss/postcss/blob/main/lib/tokenize.js#L25"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/postcss/postcss/commit/58cc860b4c1707510c9cd1bc1fa30b423a9ad6c5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Release Notes"], "url": "https://github.com/postcss/postcss/releases/tag/8.4.31"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2025:1249", "cpe": "cpe:/o:redhat:discovery:1.0::el9", "package": "discovery/discovery-server-rhel9:1.12.0-1", "product_name": "Discovery 1 for RHEL 9", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:1249", "cpe": "cpe:/o:redhat:discovery:1.0::el9", "package": "discovery/discovery-ui-rhel9:1.12.0-1", "product_name": "Discovery 1 for RHEL 9", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2024:10517", "cpe": "cpe:/a:redhat:openshift:4.17::el9", "package": "openshift4/nmstate-console-plugin-rhel9:v4.17.0-202411261204.p0.gbc40e56.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.17", "release_date": "2024-12-03T00:00:00Z"}, {"advisory": "RHSA-2025:0654", "cpe": "cpe:/a:redhat:openshift:4.17::el9", "package": "openshift4/ose-networking-console-plugin-rhel9:v4.17.0-202501150934.p0.g0244dff.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.17", "release_date": "2025-01-28T00:00:00Z"}, {"advisory": "RHSA-2025:0892", "cpe": "cpe:/a:redhat:openshift_devspaces:3::el9", "package": "devspaces/code-rhel9:3.18-6", "product_name": "Red Hat OpenShift Dev Spaces 3 Containers", "release_date": "2025-02-03T00:00:00Z"}, {"advisory": "RHSA-2025:0892", "cpe": "cpe:/a:redhat:openshift_devspaces:3::el9", "package": "devspaces/dashboard-rhel9:3.18-10", "product_name": "Red Hat OpenShift Dev Spaces 3 Containers", "release_date": "2025-02-03T00:00:00Z"}, {"advisory": "RHSA-2025:3069", "cpe": "cpe:/a:redhat:openshift_gitops:1.14::el8", "package": "openshift-gitops-argocd-container-v1.14.3-4", "product_name": "Red Hat OpenShift GitOps 1.14", "release_date": "2025-03-20T00:00:00Z"}, {"advisory": "RHSA-2025:3069", "cpe": "cpe:/a:redhat:openshift_gitops:1.14::el8", "package": "openshift-gitops-argocd-rhel9-container-v1.14.3-1", "product_name": "Red Hat OpenShift GitOps 1.14", "release_date": "2025-03-20T00:00:00Z"}, {"advisory": "RHSA-2025:3069", "cpe": "cpe:/a:redhat:openshift_gitops:1.14::el8", "package": "openshift-gitops-argo-rollouts-container-v1.14.3-4", "product_name": "Red Hat OpenShift GitOps 1.14", "release_date": "2025-03-20T00:00:00Z"}, {"advisory": "RHSA-2025:3069", "cpe": "cpe:/a:redhat:openshift_gitops:1.14::el8", "package": "openshift-gitops-console-plugin-container-v1.14.3-4", "product_name": "Red Hat OpenShift GitOps 1.14", "release_date": "2025-03-20T00:00:00Z"}, {"advisory": "RHSA-2025:3069", "cpe": "cpe:/a:redhat:openshift_gitops:1.14::el8", "package": "openshift-gitops-container-v1.14.3-4", "product_name": "Red Hat OpenShift GitOps 1.14", "release_date": "2025-03-20T00:00:00Z"}, {"advisory": "RHSA-2025:3069", "cpe": "cpe:/a:redhat:openshift_gitops:1.14::el8", "package": "openshift-gitops-dex-container-v1.14.3-4", "product_name": "Red Hat OpenShift GitOps 1.14", "release_date": "2025-03-20T00:00:00Z"}, {"advisory": "RHSA-2025:3069", "cpe": "cpe:/a:redhat:openshift_gitops:1.14::el8", "package": "openshift-gitops-kam-delivery-container-v1.14.3-4", "product_name": "Red Hat OpenShift GitOps 1.14", "release_date": "2025-03-20T00:00:00Z"}, {"advisory": "RHSA-2025:3069", "cpe": "cpe:/a:redhat:openshift_gitops:1.14::el8", "package": "openshift-gitops-must-gather-container-v1.14.3-4", "product_name": "Red Hat OpenShift GitOps 1.14", "release_date": "2025-03-20T00:00:00Z"}, {"advisory": "RHSA-2025:3069", "cpe": "cpe:/a:redhat:openshift_gitops:1.14::el8", "package": "openshift-gitops-operator-bundle-container-v1.14.3-4", "product_name": "Red Hat OpenShift GitOps 1.14", "release_date": "2025-03-20T00:00:00Z"}, {"advisory": "RHSA-2025:3069", "cpe": "cpe:/a:redhat:openshift_gitops:1.14::el8", "package": "openshift-gitops-operator-container-v1.14.3-4", "product_name": "Red Hat OpenShift GitOps 1.14", "release_date": "2025-03-20T00:00:00Z"}, {"advisory": "RHSA-2024:10908", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/kiali-rhel8:1.73.17-1", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-12-10T00:00:00Z"}, {"advisory": "RHSA-2025:1866", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.14::el9", "package": "odf4/ocs-client-console-rhel9:v4.14.16-2", "product_name": "RHODF-4.14-RHEL-9", "release_date": "2025-02-26T00:00:00Z"}, {"advisory": "RHSA-2025:1866", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.14::el9", "package": "odf4/odf-console-rhel9:v4.14.16-1", "product_name": "RHODF-4.14-RHEL-9", "release_date": "2025-02-26T00:00:00Z"}, {"advisory": "RHSA-2025:1866", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.14::el9", "package": "odf4/odf-multicluster-console-rhel9:v4.14.16-2", "product_name": "RHODF-4.14-RHEL-9", "release_date": "2025-02-26T00:00:00Z"}, {"advisory": "RHSA-2025:1865", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/ocs-client-console-rhel9:v4.15.12-1", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2025-02-26T00:00:00Z"}, {"advisory": "RHSA-2025:1865", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odf-console-rhel9:v4.15.12-1", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2025-02-26T00:00:00Z"}, {"advisory": "RHSA-2025:1865", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odf-multicluster-console-rhel9:v4.15.12-1", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2025-02-26T00:00:00Z"}, {"advisory": "RHSA-2025:1829", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.16::el9", "package": "odf4/ocs-client-console-rhel9:v4.16.8-1", "product_name": "RHODF-4.16-RHEL-9", "release_date": "2025-02-25T00:00:00Z"}, {"advisory": "RHSA-2025:1829", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.16::el9", "package": "odf4/odf-console-rhel9:v4.16.8-1", "product_name": "RHODF-4.16-RHEL-9", "release_date": "2025-02-25T00:00:00Z"}, {"advisory": "RHSA-2025:1829", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.16::el9", "package": "odf4/odf-multicluster-console-rhel9:v4.16.8-1", "product_name": "RHODF-4.16-RHEL-9", "release_date": "2025-02-25T00:00:00Z"}, {"advisory": "RHSA-2025:1824", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.17::el9", "package": "odf4/ocs-client-console-rhel9:v4.17.5-1", "product_name": "RHODF-4.17-RHEL-9", "release_date": "2025-02-25T00:00:00Z"}, {"advisory": "RHSA-2025:1824", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.17::el9", "package": "odf4/odf-console-rhel9:v4.17.5-1", "product_name": "RHODF-4.17-RHEL-9", "release_date": "2025-02-25T00:00:00Z"}, {"advisory": "RHSA-2025:1824", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.17::el9", "package": "odf4/odf-multicluster-console-rhel9:v4.17.5-2", "product_name": "RHODF-4.17-RHEL-9", "release_date": "2025-02-25T00:00:00Z"}, {"advisory": "RHSA-2025:2652", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.18::el9", "package": "odf4/ocs-client-console-rhel9:v4.18.0-65", "product_name": "RHODF-4.18-RHEL-9", "release_date": "2025-03-11T00:00:00Z"}, {"advisory": "RHSA-2025:2652", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.18::el9", "package": "odf4/odf-console-rhel9:v4.18.0-65", "product_name": "RHODF-4.18-RHEL-9", "release_date": "2025-03-11T00:00:00Z"}, {"advisory": "RHSA-2025:2652", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.18::el9", "package": "odf4/odf-multicluster-console-rhel9:v4.18.0-64", "product_name": "RHODF-4.18-RHEL-9", "release_date": "2025-03-11T00:00:00Z"}], "bugzilla": {"description": "PostCSS: Improper input validation in PostCSS", "id": "2326998", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2326998"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "status": "verified"}, "cwe": "CWE-93", "details": ["An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being included in a comment."], "mitigation": {"lang": "en:us", "value": "There's no known mitigation for this issue. Red Hat recommends to not parse untrusted CSS input using PostCSS."}, "name": "CVE-2023-44270", "package_state": [{"cpe": "cpe:/a:redhat:cryostat:3", "fix_state": "Fix deferred", "package_name": "io.cryostat-cryostat3", "product_name": "Cryostat 3"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Affected", "package_name": "openshift-logging/kibana6-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Affected", "package_name": "openshift-logging/logging-view-plugin-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:7", "fix_state": "Fix deferred", "package_name": "mta/mta-cli-rhel9", "product_name": "Migration Toolkit for Applications 7"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:7", "fix_state": "Fix deferred", "package_name": "mta/mta-ui-rhel9", "product_name": "Migration Toolkit for Applications 7"}, {"cpe": "cpe:/a:redhat:rhmt", "fix_state": "Fix deferred", "package_name": "rhmtc/openshift-migration-ui-rhel8", "product_name": "Migration Toolkit for Containers"}, {"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Fix deferred", "package_name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Will not fix", "package_name": "multicluster-engine/console-mce-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Will not fix", "package_name": "multicluster-engine/multicluster-engine-console-mce-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:network_observ_optr:1", "fix_state": "Not affected", "package_name": "network-observability/network-observability-console-plugin-rhel9", "product_name": "Network Observability Operator"}, {"cpe": "cpe:/a:redhat:workload_availability_node_healthcheck", "fix_state": "Will not fix", "package_name": "workload-availability/node-remediation-console-rhel8", "product_name": "Node HealthCheck Operator"}, {"cpe": "cpe:/a:redhat:openshift_lightspeed", "fix_state": "Affected", "package_name": "openshift-lightspeed-tech-preview/lightspeed-console-plugin-rhel9", "product_name": "OpenShift Lightspeed"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Affected", "package_name": "openshift-pipelines-console-plugin-rhel8-container", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Will not fix", "package_name": "openshift-pipelines/pipelines-hub-api-rhel8", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Affected", "package_name": "openshift-pipelines/pipelines-hub-db-migration-rhel8", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Will not fix", "package_name": "openshift-pipelines/pipelines-hub-ui-rhel8", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Affected", "package_name": "openshift-service-mesh/kiali-ossmc-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-amp-system-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Will not fix", "package_name": "rhacm2/console-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-central-db-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Fix deferred", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-rhel8-operator", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-roxctl-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-scanner-v4-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Will not fix", "package_name": "aap-cloud-ui-container", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-24/lightspeed-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "automation-controller", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "automation-eda-controller", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "automation-gateway", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:rhboac_hawtio:4", "fix_state": "Not affected", "package_name": "io.hawt-project", "product_name": "Red Hat build of Apache Camel - HawtIO 4"}, {"cpe": "cpe:/a:redhat:service_registry:2", "fix_state": "Affected", "package_name": "io.apicurio-apicurio-registry", "product_name": "Red Hat build of Apicurio Registry 2"}, {"cpe": "cpe:/a:redhat:build_keycloak:", "fix_state": "Not affected", "package_name": "org.keycloak-keycloak-parent", "product_name": "Red Hat Build of Keycloak"}, {"cpe": "cpe:/a:redhat:optaplanner:::el6", "fix_state": "Affected", "package_name": "org.optaweb.vehiclerouting-optaweb-vehicle-routing", "product_name": "Red Hat build of OptaPlanner 8"}, {"cpe": "cpe:/a:redhat:hybrid_cloud_gateway:1::el9", "fix_state": "Fix deferred", "package_name": "rhcl-console-plugin-container", "product_name": "Red Hat Connectivity Link"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Will not fix", "package_name": "org.infinispan-infinispan-console", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Not affected", "package_name": "rhdh-operator-container", "product_name": "Red Hat Developer Hub"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Will not fix", "package_name": "rhdh/rhdh-hub-rhel9", "product_name": "Red Hat Developer Hub"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "mozjs60", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "pcs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "gjs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "pcs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "polkit", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Will not fix", "package_name": "io.apicurio-apicurito", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Will not fix", "package_name": "io.syndesis-syndesis-parent", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Will not fix", "package_name": "io.apicurio-apicurio-registry", "product_name": "Red Hat Integration Camel K 1"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Affected", "package_name": "org.infinispan-infinispan-management-console", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Affected", "package_name": "org.jboss.hal-hal-parent", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "org.jboss.hal-hal-parent", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Not affected", "package_name": "org.keycloak-keycloak-parent", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "org.jboss.hal-hal-parent", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "org.keycloak-keycloak-parent", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Will not fix", "package_name": "odh-dashboard-container", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "odh-operator-container", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-monitoring-plugin-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Affected", "package_name": "ocs4/mcg-core-rhel8", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Fix deferred", "package_name": "rhods/odh-dashboard-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Not affected", "package_name": "rhods/odh-operator-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Not affected", "package_name": "rhods/odh-rhel8-operator", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Affected", "package_name": "devspaces/dashboard-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Not affected", "package_name": "devspaces/traefik-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Affected", "package_name": "container-native-virtualization/kubevirt-console-plugin", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Affected", "package_name": "container-native-virtualization/kubevirt-console-plugin-rhel9", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Will not fix", "package_name": "org.kie-process-migration-service", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Will not fix", "package_name": "org.uberfire-uberfire-parent", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "nodejs-css-loader", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Will not fix", "package_name": "nodejs-css-minimizer-webpack-plugin", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Will not fix", "package_name": "nodejs-optimize-css-assets-webpack-plugin", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Not affected", "package_name": "org.keycloak-keycloak-parent", "product_name": "Red Hat Single Sign-On 7"}, {"cpe": "cpe:/a:redhat:trusted_artifact_signer:1", "fix_state": "Affected", "package_name": "rhtas/rekor-search-ui-rhel9", "product_name": "Red Hat Trusted Artifact Signer"}, {"cpe": "cpe:/a:redhat:amq_streams:1", "fix_state": "Affected", "package_name": "com.github.streamshub-console", "product_name": "streams for Apache Kafka"}], "public_date": "2023-09-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-44270\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-44270\nhttps://github.com/github/advisory-database/issues/2820\nhttps://github.com/postcss/postcss/blob/main/lib/tokenize.js#L25\nhttps://github.com/postcss/postcss/commit/58cc860b4c1707510c9cd1bc1fa30b423a9ad6c5\nhttps://github.com/postcss/postcss/releases/tag/8.4.31"], "threat_severity": "Moderate"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object