{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-42461", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-07T18:33:09.133Z", "dateReserved": "2024-08-02T00:00:00", "datePublished": "2024-08-02T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-08-02T07:08:26.577444"}, "descriptions": [{"lang": "en", "value": "In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/indutny/elliptic/pull/317"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-347", "lang": "en", "description": "CWE-347 Improper Verification of Cryptographic Signature"}]}], "affected": [{"vendor": "elliptic_project", "product": "elliptic", "cpes": ["cpe:2.3:a:elliptic_project:elliptic:6.5.6:*:*:*:*:node.js:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.5.6", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-07T18:28:40.396125Z", "id": "CVE-2024-42461", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-07T18:33:09.133Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-42461", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-07T18:28:40.396125Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:elliptic_project:elliptic:6.5.6:*:*:*:*:node.js:*:*"], "vendor": "elliptic_project", "product": "elliptic", "versions": [{"status": "affected", "version": "6.5.6"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-347", "description": "CWE-347 Improper Verification of Cryptographic Signature"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-07T18:29:37.103Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/indutny/elliptic/pull/317"}], "descriptions": [{"lang": "en", "value": "In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-08-02T07:08:26.577444"}}}, "cveMetadata": {"cveId": "CVE-2024-42461", "state": "PUBLISHED", "dateUpdated": "2024-08-07T18:33:09.133Z", "dateReserved": "2024-08-02T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-08-02T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elliptic_project:elliptic:6.5.6:*:*:*:*:node.js:*:*", "matchCriteriaId": "EAFFCBB8-D7CC-49D0-A052-D1FAAF4F3C33", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed."}, {"lang": "es", "value": " En el paquete Elliptic 6.5.6 para Node.js, la maleabilidad de la firma ECDSA se produce porque se permiten firmas codificadas con BER."}], "id": "CVE-2024-42461", "lastModified": "2024-08-16T16:51:40.270", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-08-02T07:16:10.230", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/indutny/elliptic/pull/317"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-347"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/agent-service-rhel8:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 8", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/assisted-image-service-rhel8:v2.5.7-1", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 8", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/assisted-installer-agent-rhel8:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 8", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/assisted-installer-reporter-rhel8:v2.5.7-1", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 8", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/assisted-installer-rhel8:v2.5.7-1", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 8", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/hive-rhel8:v2.5.7-1", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 8", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/addon-manager-rhel9:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/apiserver-network-proxy-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/aws-encryption-provider-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/backplane-rhel9-operator:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/cluster-api-provider-aws-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/cluster-api-provider-azure-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/cluster-api-provider-kubevirt-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/cluster-api-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/clusterclaims-controller-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/cluster-curator-controller-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/cluster-image-set-controller-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/clusterlifecycle-state-metrics-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/cluster-proxy-addon-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/cluster-proxy-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/discovery-rhel9:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/hypershift-cli-rhel9:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/hypershift-rhel9-operator:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/image-based-install-rhel9:v2.5.7-7", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/klusterlet-operator-bundle:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/kube-rbac-proxy-mce-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/managedcluster-import-controller-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/mce-operator-bundle:v2.5.7-6", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/multicloud-manager-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/multicluster-engine-cluster-api-provider-agent-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/multicluster-engine-console-mce-rhel9:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/multicluster-engine-hypershift-addon-rhel9-operator:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/multicluster-engine-managed-serviceaccount-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/must-gather-rhel9:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/placement-rhel9:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/provider-credential-controller-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/registration-operator-rhel9:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/registration-rhel9:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/work-rhel9:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-cluster-permission-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-governance-policy-addon-controller-rhel9:v2.10.6-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-governance-policy-framework-addon-rhel9:v2.10.6-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-grafana-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-must-gather-rhel9:v2.10.6-4", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-operator-bundle:v2.10.6-4", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-prometheus-config-reloader-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-prometheus-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-search-indexer-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-search-v2-api-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-search-v2-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-volsync-addon-controller-rhel9:v2.10.6-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/cert-policy-controller-rhel9:v2.10.6-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/cluster-backup-rhel9-operator:v2.10.6-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/config-policy-controller-rhel9:v2.10.6-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/console-rhel9:v2.10.6-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/endpoint-monitoring-rhel9-operator:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/governance-policy-propagator-rhel9:v2.10.6-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/grafana-dashboard-loader-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/iam-policy-controller-rhel9:v2.10.6-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/insights-client-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/insights-metrics-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/klusterlet-addon-controller-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/kube-rbac-proxy-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/kube-state-metrics-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/memcached-exporter-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/memcached-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/metrics-collector-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/multicloud-integrations-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/multiclusterhub-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/multicluster-observability-rhel9-operator:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/multicluster-operators-application-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/multicluster-operators-channel-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/multicluster-operators-subscription-rhel9:v2.10.6-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/node-exporter-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/observatorium-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/observatorium-rhel9-operator:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/prometheus-alertmanager-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/prometheus-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/rbac-query-proxy-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/search-collector-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/submariner-addon-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/thanos-receive-controller-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/thanos-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6209", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/grafana-rhel8:2.4.10-3", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6209", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/istio-cni-rhel8:2.4.10-4", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6209", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/istio-must-gather-rhel8:2.4.10-4", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6209", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/kiali-rhel8:1.65.15-3", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6209", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/pilot-rhel8:2.4.10-4", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6209", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/proxyv2-rhel8:2.4.10-3", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6209", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/ratelimit-rhel8:2.4.10-3", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6210", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/grafana-rhel8:2.5.4-3", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6210", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/istio-cni-rhel8:2.5.4-4", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6210", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/istio-must-gather-rhel8:2.5.4-4", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6210", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/kiali-ossmc-rhel8:1.73.13-2", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6210", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/kiali-rhel8:1.73.14-2", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6210", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/pilot-rhel8:2.5.4-4", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6210", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/proxyv2-rhel8:2.5.4-2", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6210", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/ratelimit-rhel8:2.5.4-3", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}], "bugzilla": {"description": "elliptic: nodejs/elliptic: ECDSA implementation malleability due to BER-enconded signatures being allowed", "id": "2302460", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302460"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-325", "details": ["In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.", "A flaw was found in the Elliptic package for Node.js. ECDSA signatures encoded in BER format are improperly validated, allowing leading zeros to be added to the signature without invalidating it, resulting in confidentiality issues."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-42461", "package_state": [{"cpe": "cpe:/a:redhat:openshift_builds:1", "fix_state": "Not affected", "package_name": "openshift-builds/openshift-builds-controller-rhel9", "product_name": "Builds for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift_builds:1", "fix_state": "Not affected", "package_name": "openshift-builds/openshift-builds-git-cloner-rhel9", "product_name": "Builds for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift_builds:1", "fix_state": "Not affected", "package_name": "openshift-builds/openshift-builds-image-bundler-rhel9", "product_name": "Builds for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift_builds:1", "fix_state": "Not affected", "package_name": "openshift-builds/openshift-builds-image-processing-rhel9", "product_name": "Builds for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift_builds:1", "fix_state": "Not affected", "package_name": "openshift-builds/openshift-builds-rhel9-operator", "product_name": "Builds for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift_builds:1", "fix_state": "Not affected", "package_name": "openshift-builds/openshift-builds-shared-resource-rhel9", "product_name": "Builds for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift_builds:1", "fix_state": "Not affected", "package_name": "openshift-builds/openshift-builds-shared-resource-webhook-rhel9", "product_name": "Builds for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift_builds:1", "fix_state": "Not affected", "package_name": "openshift-builds/openshift-builds-waiters-rhel9", "product_name": "Builds for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift_builds:1", "fix_state": "Not affected", "package_name": "openshift-builds/openshift-builds-webhook-rhel9", "product_name": "Builds for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/kibana6-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift_lightspeed:1", "fix_state": "Not affected", "package_name": "openshift-lightspeed-beta/lightspeed-rhel9-operator", "product_name": "OpenShift Lightspeed"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Affected", "package_name": "openshift-pipelines/pipelines-hub-api-rhel8", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Affected", "package_name": "openshift-pipelines/pipelines-hub-db-migration-rhel8", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Affected", "package_name": "openshift-pipelines/pipelines-hub-ui-rhel8", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Will not fix", "package_name": "elliptic", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Affected", "package_name": "openshift-service-mesh/kiali-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-amp-system-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:service_registry:2", "fix_state": "Affected", "package_name": "elliptic", "product_name": "Red Hat build of Apicurio Registry"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Not affected", "package_name": "rhdh-hub-container", "product_name": "Red Hat Developer Hub"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Not affected", "package_name": "rhdh-operator-container", "product_name": "Red Hat Developer Hub"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "mozjs60", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "pcs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "gjs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "pcs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "polkit", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "rhel9/bootc-image-builder", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Affected", "package_name": "elliptic", "product_name": "Red Hat Integration Camel K"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Will not fix", "package_name": "elliptic", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Affected", "package_name": "elliptic", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Affected", "package_name": "elliptic", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Will not fix", "package_name": "elliptic", "product_name": "Red Hat JBoss Fuse 7"}, {"cpe": "cpe:/a:redhat:openshift_cluster_manager_cli:1", "fix_state": "Affected", "package_name": "ocm-cli-clients/ocm-cli-rhel9", "product_name": "Red Hat OpenShift Cluster Manager CLI"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Will not fix", "package_name": "openshift3/ose-console", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Affected", "package_name": "ocs4/mcg-core-rhel8", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "fix_state": "Affected", "package_name": "devspaces/dashboard-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "fix_state": "Affected", "package_name": "devspaces/pluginregistry-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "fix_state": "Not affected", "package_name": "devspaces/traefik-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "fix_state": "Affected", "package_name": "devspaces/udi-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Will not fix", "package_name": "openshift-gitops-1/argo-rollouts-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Will not fix", "package_name": "elliptic", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:trusted_application_pipeline:1", "fix_state": "Affected", "package_name": "/rh-syft", "product_name": "Red Hat Trusted Application Pipeline"}, {"cpe": "cpe:/a:redhat:trusted_application_pipeline:1", "fix_state": "Affected", "package_name": "rh-syft-tech-preview/syft-rhel9", "product_name": "Red Hat Trusted Application Pipeline"}, {"cpe": "cpe:/a:redhat:trusted_application_pipeline:1", "fix_state": "Affected", "package_name": "rhtap-build-tenant/rh-syft", "product_name": "Red Hat Trusted Application Pipeline"}], "public_date": "2024-08-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42461\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42461\nhttps://github.com/indutny/elliptic/pull/317"], "threat_severity": "Moderate"}