{
  "threat_severity" : "Moderate",
  "public_date" : "2024-07-02T00:00:00Z",
  "bugzilla" : {
    "description" : "github.com/gin-contrib/cors: Gin mishandles a wildcard in the origin string in github.com/gin-contrib/cors",
    "id" : "2295302",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2295302"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-346",
  "details" : [ "parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/* is allowed when the intention is that only https://example.com/* should be allowed, and http://localhost.example.com/* is allowed when the intention is that only http://localhost/* should be allowed.", "A flaw was found in the gin-gonic CORS middleware. Affected versions of this package are vulnerable to an Origin Validation Error due to the mishandling of wildcard characters at the end of an origin string. This flaw could allow an attacker to bypass intended CORS restrictions by sending requests from an origin that merely begins with an allowed origin value, which the wildcard handling then accepts." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Migration Toolkit for Containers 1.8",
    "release_date" : "2024-09-26T00:00:00Z",
    "advisory" : "RHSA-2024:7164",
    "cpe" : "cpe:/a:redhat:rhmt:1.8::el8",
    "package" : "rhmtc/openshift-migration-controller-rhel8:v1.8.4-22"
  } ],
  "package_state" : [ {
    "product_name" : "Migration Toolkit for Virtualization",
    "fix_state" : "Fix deferred",
    "package_name" : "migration-toolkit-virtualization/mtv-api-rhel9",
    "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2"
  }, {
    "product_name" : "Migration Toolkit for Virtualization",
    "fix_state" : "Fix deferred",
    "package_name" : "migration-toolkit-virtualization/mtv-controller-rhel9",
    "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2"
  }, {
    "product_name" : "Migration Toolkit for Virtualization",
    "fix_state" : "Fix deferred",
    "package_name" : "migration-toolkit-virtualization/mtv-openstack-populator-rhel9",
    "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2"
  }, {
    "product_name" : "Migration Toolkit for Virtualization",
    "fix_state" : "Fix deferred",
    "package_name" : "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9",
    "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2"
  }, {
    "product_name" : "Migration Toolkit for Virtualization",
    "fix_state" : "Fix deferred",
    "package_name" : "migration-toolkit-virtualization/mtv-populator-controller-rhel9",
    "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2"
  }, {
    "product_name" : "Migration Toolkit for Virtualization",
    "fix_state" : "Fix deferred",
    "package_name" : "migration-toolkit-virtualization/mtv-rhel8-operator",
    "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2"
  }, {
    "product_name" : "Migration Toolkit for Virtualization",
    "fix_state" : "Fix deferred",
    "package_name" : "migration-toolkit-virtualization/mtv-rhv-populator-rhel8",
    "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2"
  }, {
    "product_name" : "Migration Toolkit for Virtualization",
    "fix_state" : "Fix deferred",
    "package_name" : "migration-toolkit-virtualization/mtv-validation-rhel9",
    "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2"
  }, {
    "product_name" : "Migration Toolkit for Virtualization",
    "fix_state" : "Fix deferred",
    "package_name" : "migration-toolkit-virtualization/mtv-virt-v2v-rhel9",
    "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2"
  }, {
    "product_name" : "Migration Toolkit for Virtualization",
    "fix_state" : "Fix deferred",
    "package_name" : "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8",
    "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-25211\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-25211\nhttps://github.com/advisories/GHSA-869c-j7wc-8jqv\nhttps://github.com/gin-contrib/cors/commit/27b723a473efd80d5a498fa9f5933c80204c850d\nhttps://github.com/gin-contrib/cors/compare/v1.5.0...v1.6.0\nhttps://github.com/gin-contrib/cors/pull/106\nhttps://github.com/gin-contrib/cors/pull/57\nhttps://github.com/gin-contrib/cors/releases/tag/v1.6.0" ],
  "name" : "CVE-2019-25211",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}