{
  "threat_severity" : "Moderate",
  "public_date" : "2023-07-03T00:00:00Z",
  "bugzilla" : {
    "description" : "coredns: CD bit response is cached and served later",
    "id" : "2219234",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2219234"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-524",
  "details" : [ "A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.", "A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching." ],
  "acknowledgement" : "This issue was discovered by Petr Mensik (Red Hat).",
  "affected_release" : [ {
    "product_name" : "Red Hat OpenShift Container Platform 4.13",
    "release_date" : "2024-09-04T00:00:00Z",
    "advisory" : "RHSA-2024:6009",
    "cpe" : "cpe:/a:redhat:openshift:4.13::el8",
    "package" : "openshift4/ose-coredns:v4.13.0-202408260940.p0.ge70f097.assembly.stream.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.14",
    "release_date" : "2024-09-11T00:00:00Z",
    "advisory" : "RHSA-2024:6406",
    "cpe" : "cpe:/a:redhat:openshift:4.14::el8",
    "package" : "openshift4/ose-coredns:v4.14.0-202408260910.p0.gfdd6037.assembly.stream.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.15",
    "release_date" : "2024-07-31T00:00:00Z",
    "advisory" : "RHSA-2024:4850",
    "cpe" : "cpe:/a:redhat:openshift:4.15::el9",
    "package" : "openshift4/ose-coredns-rhel9:v4.15.0-202407230407.p0.g1326282.assembly.stream.el9"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.16",
    "release_date" : "2024-06-27T00:00:00Z",
    "advisory" : "RHSA-2024:0041",
    "cpe" : "cpe:/a:redhat:openshift:4.16::el9",
    "package" : "openshift4/ose-coredns-rhel9:v4.16.0-202406131906.p0.g04d84f7.assembly.stream.el9"
  } ],
  "package_state" : [ {
    "product_name" : "Logging Subsystem for Red Hat OpenShift",
    "fix_state" : "Not affected",
    "package_name" : "openshift-logging/logging-loki-rhel8",
    "cpe" : "cpe:/a:redhat:logging:5",
    "impact" : "low"
  }, {
    "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2",
    "fix_state" : "Will not fix",
    "package_name" : "rhacm2/lighthouse-agent-rhel9",
    "cpe" : "cpe:/a:redhat:acm:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-0874\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-0874\nhttps://github.com/coredns/coredns/issues/6186\nhttps://github.com/coredns/coredns/pull/6354" ],
  "name" : "CVE-2024-0874",
  "csaw" : false
}