The following advisory data is extracted from:
https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0853.json
Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.
- Packet Storm Staff
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Network Observability 1.5.0 for OpenShift
Advisory ID: RHSA-2024:0853-03
Product: Network Observability
Advisory URL: https://access.redhat.com/errata/RHSA-2024:0853
Issue date: 2024-02-21
Revision: 03
CVE Names: CVE-2023-26159
====================================================================
Summary:
Network Observability is an OpenShift operator that deploys a monitoring pipeline to collect and enrich network flows that are produced by the Network Observability eBPF agent.
The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console.
Description:
Network Observability 1.5.0
Security Fix(es):
* CVE-2023-26159 follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution:
https://access.redhat.com/articles/11258
CVEs:
CVE-2023-26159
References:
https://access.redhat.com/security/updates/classification/#moderate
https://bugzilla.redhat.com/show_bug.cgi?id=2256413
https://issues.redhat.com/browse/NETOBSERV-1134
https://issues.redhat.com/browse/NETOBSERV-1225
https://issues.redhat.com/browse/NETOBSERV-1286
https://issues.redhat.com/browse/NETOBSERV-1293
https://issues.redhat.com/browse/NETOBSERV-1305
https://issues.redhat.com/browse/NETOBSERV-1311
https://issues.redhat.com/browse/NETOBSERV-1313
https://issues.redhat.com/browse/NETOBSERV-1316
https://issues.redhat.com/browse/NETOBSERV-1335
https://issues.redhat.com/browse/NETOBSERV-1341
https://issues.redhat.com/browse/NETOBSERV-1351
https://issues.redhat.com/browse/NETOBSERV-1380
https://issues.redhat.com/browse/NETOBSERV-1430
https://issues.redhat.com/browse/NETOBSERV-1443
https://issues.redhat.com/browse/NETOBSERV-1464
https://issues.redhat.com/browse/NETOBSERV-245
https://issues.redhat.com/browse/NETOBSERV-657
https://issues.redhat.com/browse/NETOBSERV-676
https://issues.redhat.com/browse/NETOBSERV-763