{
  "threat_severity" : "Moderate",
  "public_date" : "2024-01-16T00:00:00Z",
  "bugzilla" : {
    "description" : "gnutls: rejects certificate chain with distributed trust",
    "id" : "2258544",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2258544"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-347",
  "details" : [ "A vulnerability was found in GnuTLS, where Cockpit (which uses GnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack." ],
  "statement" : "The issue is marked as moderate because it involves a vulnerability in GnuTLS, specifically affecting Cockpit, which utilizes GnuTLS. The vulnerability arises when a certificate chain with distributed trust is rejected during validation using cockpit-certificate-ensure. Although this flaw could potentially be exploited by an unauthenticated remote attacker to trigger a denial of service attack on the client, it's important to note that specific server configurations are required for client authentication requests.\nThis is a bug in the GnuTLS library; Cockpit does not copy this code, but uses the shared library at runtime. Hence, patching gnutls is necessary and sufficient to address this, and Cockpit is not affected by this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-01-29T00:00:00Z",
    "advisory" : "RHSA-2024:0533",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "gnutls-0:3.7.6-23.el9_3.3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-01-29T00:00:00Z",
    "advisory" : "RHSA-2024:0533",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "gnutls-0:3.7.6-23.el9_3.3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "release_date" : "2024-03-05T00:00:00Z",
    "advisory" : "RHSA-2024:1082",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.2",
    "package" : "gnutls-0:3.7.6-21.el9_2.2"
  }, {
    "product_name" : "RHODF-4.15-RHEL-9",
    "release_date" : "2024-03-19T00:00:00Z",
    "advisory" : "RHSA-2024:1383",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
    "package" : "odf4/cephcsi-rhel9:v4.15.0-37"
  }, {
    "product_name" : "RHODF-4.15-RHEL-9",
    "release_date" : "2024-03-19T00:00:00Z",
    "advisory" : "RHSA-2024:1383",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
    "package" : "odf4/mcg-core-rhel9:v4.15.0-68"
  }, {
    "product_name" : "RHODF-4.15-RHEL-9",
    "release_date" : "2024-03-19T00:00:00Z",
    "advisory" : "RHSA-2024:1383",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
    "package" : "odf4/mcg-operator-bundle:v4.15.0-158"
  }, {
    "product_name" : "RHODF-4.15-RHEL-9",
    "release_date" : "2024-03-19T00:00:00Z",
    "advisory" : "RHSA-2024:1383",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
    "package" : "odf4/mcg-rhel9-operator:v4.15.0-39"
  }, {
    "product_name" : "RHODF-4.15-RHEL-9",
    "release_date" : "2024-03-19T00:00:00Z",
    "advisory" : "RHSA-2024:1383",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
    "package" : "odf4/ocs-client-console-rhel9:v4.15.0-58"
  }, {
    "product_name" : "RHODF-4.15-RHEL-9",
    "release_date" : "2024-03-19T00:00:00Z",
    "advisory" : "RHSA-2024:1383",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
    "package" : "odf4/ocs-client-operator-bundle:v4.15.0-158"
  }, {
    "product_name" : "RHODF-4.15-RHEL-9",
    "release_date" : "2024-03-19T00:00:00Z",
    "advisory" : "RHSA-2024:1383",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
    "package" : "odf4/ocs-client-rhel9-operator:v4.15.0-13"
  }, {
    "product_name" : "RHODF-4.15-RHEL-9",
    "release_date" : "2024-03-19T00:00:00Z",
    "advisory" : "RHSA-2024:1383",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
    "package" : "odf4/ocs-metrics-exporter-rhel9:v4.15.0-81"
  }, {
    "product_name" : "RHODF-4.15-RHEL-9",
    "release_date" : "2024-03-19T00:00:00Z",
    "advisory" : "RHSA-2024:1383",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
    "package" : "odf4/ocs-operator-bundle:v4.15.0-158"
  }, {
    "product_name" : "RHODF-4.15-RHEL-9",
    "release_date" : "2024-03-19T00:00:00Z",
    "advisory" : "RHSA-2024:1383",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
    "package" : "odf4/ocs-rhel9-operator:v4.15.0-79"
  }, {
    "product_name" : "RHODF-4.15-RHEL-9",
    "release_date" : "2024-03-19T00:00:00Z",
    "advisory" : "RHSA-2024:1383",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
    "package" : "odf4/odf-cli-rhel9:v4.15.0-22"
  }, {
    "product_name" : "RHODF-4.15-RHEL-9",
    "release_date" : "2024-03-19T00:00:00Z",
    "advisory" : "RHSA-2024:1383",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
    "package" : "odf4/odf-console-rhel9:v4.15.0-57"
  }, {
    "product_name" : "RHODF-4.15-RHEL-9",
    "release_date" : "2024-03-19T00:00:00Z",
    "advisory" : "RHSA-2024:1383",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
    "package" : "odf4/odf-cosi-sidecar-rhel9:v4.15.0-6"
  }, {
    "product_name" : "RHODF-4.15-RHEL-9",
    "release_date" : "2024-03-19T00:00:00Z",
    "advisory" : "RHSA-2024:1383",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
    "package" : "odf4/odf-csi-addons-operator-bundle:v4.15.0-158"
  }, {
    "product_name" : "RHODF-4.15-RHEL-9",
    "release_date" : "2024-03-19T00:00:00Z",
    "advisory" : "RHSA-2024:1383",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
    "package" : "odf4/odf-csi-addons-rhel9-operator:v4.15.0-15"
  }, {
    "product_name" : "RHODF-4.15-RHEL-9",
    "release_date" : "2024-03-19T00:00:00Z",
    "advisory" : "RHSA-2024:1383",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
    "package" : "odf4/odf-csi-addons-sidecar-rhel9:v4.15.0-15"
  }, {
    "product_name" : "RHODF-4.15-RHEL-9",
    "release_date" : "2024-03-19T00:00:00Z",
    "advisory" : "RHSA-2024:1383",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
    "package" : "odf4/odf-multicluster-console-rhel9:v4.15.0-54"
  }, {
    "product_name" : "RHODF-4.15-RHEL-9",
    "release_date" : "2024-03-19T00:00:00Z",
    "advisory" : "RHSA-2024:1383",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
    "package" : "odf4/odf-multicluster-operator-bundle:v4.15.0-158"
  }, {
    "product_name" : "RHODF-4.15-RHEL-9",
    "release_date" : "2024-03-19T00:00:00Z",
    "advisory" : "RHSA-2024:1383",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
    "package" : "odf4/odf-multicluster-rhel9-operator:v4.15.0-10"
  }, {
    "product_name" : "RHODF-4.15-RHEL-9",
    "release_date" : "2024-03-19T00:00:00Z",
    "advisory" : "RHSA-2024:1383",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
    "package" : "odf4/odf-must-gather-rhel9:v4.15.0-26"
  }, {
    "product_name" : "RHODF-4.15-RHEL-9",
    "release_date" : "2024-03-19T00:00:00Z",
    "advisory" : "RHSA-2024:1383",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
    "package" : "odf4/odf-operator-bundle:v4.15.0-158"
  }, {
    "product_name" : "RHODF-4.15-RHEL-9",
    "release_date" : "2024-03-19T00:00:00Z",
    "advisory" : "RHSA-2024:1383",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
    "package" : "odf4/odf-rhel9-operator:v4.15.0-19"
  }, {
    "product_name" : "RHODF-4.15-RHEL-9",
    "release_date" : "2024-03-19T00:00:00Z",
    "advisory" : "RHSA-2024:1383",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
    "package" : "odf4/odr-cluster-operator-bundle:v4.15.0-158"
  }, {
    "product_name" : "RHODF-4.15-RHEL-9",
    "release_date" : "2024-03-19T00:00:00Z",
    "advisory" : "RHSA-2024:1383",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
    "package" : "odf4/odr-hub-operator-bundle:v4.15.0-158"
  }, {
    "product_name" : "RHODF-4.15-RHEL-9",
    "release_date" : "2024-03-19T00:00:00Z",
    "advisory" : "RHSA-2024:1383",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
    "package" : "odf4/odr-rhel9-operator:v4.15.0-21"
  }, {
    "product_name" : "RHODF-4.15-RHEL-9",
    "release_date" : "2024-03-19T00:00:00Z",
    "advisory" : "RHSA-2024:1383",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
    "package" : "odf4/rook-ceph-rhel9-operator:v4.15.0-103"
  }, {
    "product_name" : "RHOL-5.8-RHEL-9",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2094",
    "cpe" : "cpe:/a:redhat:logging:5.8::el9",
    "package" : "openshift-logging/cluster-logging-operator-bundle:v5.8.6-22"
  }, {
    "product_name" : "RHOL-5.8-RHEL-9",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2094",
    "cpe" : "cpe:/a:redhat:logging:5.8::el9",
    "package" : "openshift-logging/cluster-logging-rhel9-operator:v5.8.6-11"
  }, {
    "product_name" : "RHOL-5.8-RHEL-9",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2094",
    "cpe" : "cpe:/a:redhat:logging:5.8::el9",
    "package" : "openshift-logging/elasticsearch6-rhel9:v6.8.1-407"
  }, {
    "product_name" : "RHOL-5.8-RHEL-9",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2094",
    "cpe" : "cpe:/a:redhat:logging:5.8::el9",
    "package" : "openshift-logging/elasticsearch-operator-bundle:v5.8.6-19"
  }, {
    "product_name" : "RHOL-5.8-RHEL-9",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2094",
    "cpe" : "cpe:/a:redhat:logging:5.8::el9",
    "package" : "openshift-logging/elasticsearch-proxy-rhel9:v1.0.0-479"
  }, {
    "product_name" : "RHOL-5.8-RHEL-9",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2094",
    "cpe" : "cpe:/a:redhat:logging:5.8::el9",
    "package" : "openshift-logging/elasticsearch-rhel9-operator:v5.8.6-7"
  }, {
    "product_name" : "RHOL-5.8-RHEL-9",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2094",
    "cpe" : "cpe:/a:redhat:logging:5.8::el9",
    "package" : "openshift-logging/eventrouter-rhel9:v0.4.0-247"
  }, {
    "product_name" : "RHOL-5.8-RHEL-9",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2094",
    "cpe" : "cpe:/a:redhat:logging:5.8::el9",
    "package" : "openshift-logging/fluentd-rhel9:v5.8.6-5"
  }, {
    "product_name" : "RHOL-5.8-RHEL-9",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2094",
    "cpe" : "cpe:/a:redhat:logging:5.8::el9",
    "package" : "openshift-logging/log-file-metric-exporter-rhel9:v1.1.0-227"
  }, {
    "product_name" : "RHOL-5.8-RHEL-9",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2094",
    "cpe" : "cpe:/a:redhat:logging:5.8::el9",
    "package" : "openshift-logging/logging-curator5-rhel9:v5.8.1-470"
  }, {
    "product_name" : "RHOL-5.8-RHEL-9",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2094",
    "cpe" : "cpe:/a:redhat:logging:5.8::el9",
    "package" : "openshift-logging/logging-loki-rhel9:v2.9.6-14"
  }, {
    "product_name" : "RHOL-5.8-RHEL-9",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2094",
    "cpe" : "cpe:/a:redhat:logging:5.8::el9",
    "package" : "openshift-logging/logging-view-plugin-rhel9:v5.8.6-2"
  }, {
    "product_name" : "RHOL-5.8-RHEL-9",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2094",
    "cpe" : "cpe:/a:redhat:logging:5.8::el9",
    "package" : "openshift-logging/loki-operator-bundle:v5.8.6-24"
  }, {
    "product_name" : "RHOL-5.8-RHEL-9",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2094",
    "cpe" : "cpe:/a:redhat:logging:5.8::el9",
    "package" : "openshift-logging/loki-rhel9-operator:v5.8.6-10"
  }, {
    "product_name" : "RHOL-5.8-RHEL-9",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2094",
    "cpe" : "cpe:/a:redhat:logging:5.8::el9",
    "package" : "openshift-logging/lokistack-gateway-rhel9:v0.1.0-525"
  }, {
    "product_name" : "RHOL-5.8-RHEL-9",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2094",
    "cpe" : "cpe:/a:redhat:logging:5.8::el9",
    "package" : "openshift-logging/opa-openshift-rhel9:v0.1.0-224"
  }, {
    "product_name" : "RHOL-5.8-RHEL-9",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2094",
    "cpe" : "cpe:/a:redhat:logging:5.8::el9",
    "package" : "openshift-logging/vector-rhel9:v0.28.1-56"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "gnutls",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "cockpit",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "gnutls",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "cockpit",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "gnutls",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "cockpit",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.11",
    "fix_state" : "Not affected",
    "package_name" : "cockpit",
    "cpe" : "cpe:/a:redhat:openshift:3.11"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-0567\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-0567\nhttps://gitlab.com/gnutls/gnutls/-/issues/1521\nhttps://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html" ],
  "name" : "CVE-2024-0567",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}