VDB
RHSA-2022%3A5704
RHSA-2022%3A5704
PUBLISHED
CVSS 8 HIGH
A flaw was found in go-tuf. This flaw allows an attacker to cause clients to install older software than the software the client previously knew to be available and may include software with known vulnerabilities.
Risk Scores
CVSS 3.1
8
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | advanced-cluster-security/rhacs-rhel8-operator@sha256:a24567c3e3e46fd73a31bf484857f677cc1df7744a20dbaa56cd3a1166100bca_amd64 as a component of RHACS 3.71 for RHEL 8 | advanced-cluster-security/rhacs-rhel8-operator@sha256:a24567c3e3e46fd73a31bf484857f677cc1df7744a20dbaa56cd3a1166100bca_amd64 |
| Red Hat | advanced-cluster-security/rhacs-collector-rhel8@sha256:7dae7101375d853f1e92abb2ea329aff92facd173aa2e59e55da90b69c0505ea_amd64 as a component of RHACS 3.71 for RHEL 8 | * |
| Red Hat | advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:706eb733801c1755d8a18c176119e3e95680427029110aa2e7c000dde16922fc_amd64 as a component of RHACS 3.71 for RHEL 8 | advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:706eb733801c1755d8a18c176119e3e95680427029110aa2e7c000dde16922fc_amd64 |
| Red Hat | advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5dffeaa08c48336a8363e6f76cd1170591d18eaf53fb41ae43dc9fdd78a81f8c_amd64 as a component of RHACS 3.71 for RHEL 8 | * |
| Red Hat | advanced-cluster-security/rhacs-scanner-rhel8@sha256:ae823c0359aa1e3b6996555e75f8a807d24d72a68b18bb3f9de0dbd2be5b4001_amd64 as a component of RHACS 3.71 for RHEL 8 | advanced-cluster-security/rhacs-scanner-rhel8@sha256:ae823c0359aa1e3b6996555e75f8a807d24d72a68b18bb3f9de0dbd2be5b4001_amd64 |
| Red Hat | advanced-cluster-security/rhacs-main-rhel8@sha256:08e9819d6dc2313821df014d2874aa0435b07f16231b97ac4cb610b529ca3aeb_amd64 as a component of RHACS 3.71 for RHEL 8 | * |
| Red Hat | advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:fa5c69255d4d43a6d04455b310499bf736bc65ca53cc9c8f36e17e9e85f55124_amd64 as a component of RHACS 3.71 for RHEL 8 | advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:fa5c69255d4d43a6d04455b310499bf736bc65ca53cc9c8f36e17e9e85f55124_amd64 |
| Red Hat | advanced-cluster-security/rhacs-docs-rhel8@sha256:d9cd05afc5f922f7e3d7e121a8b5d33023c969c8e4ad33e4980dc024fe4aa4e1_amd64 as a component of RHACS 3.71 for RHEL 8 | advanced-cluster-security/rhacs-docs-rhel8@sha256:d9cd05afc5f922f7e3d7e121a8b5d33023c969c8e4ad33e4980dc024fe4aa4e1_amd64 |
| Red Hat | advanced-cluster-security/rhacs-operator-bundle@sha256:e84cda106657d350068a5632fba8c2d858a19de109da9795a1d0b77e26c3b338_amd64 as a component of RHACS 3.71 for RHEL 8 | advanced-cluster-security/rhacs-operator-bundle@sha256:e84cda106657d350068a5632fba8c2d858a19de109da9795a1d0b77e26c3b338_amd64 |
| Red Hat | advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:5ca826d30594df2664e1ce750a3523e756cdfea2f1d3d0ff9e9eb6f4781ce075_amd64 as a component of RHACS 3.71 for RHEL 8 | advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:5ca826d30594df2664e1ce750a3523e756cdfea2f1d3d0ff9e9eb6f4781ce075_amd64 |
| Red Hat | advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8b2b996474530a4cf9a8269f3a1ccb944a9d898f842748a2c9d9e91a74f0454c_amd64 as a component of RHACS 3.71 for RHEL 8 | * |
Timeline
- Jul 25, 2022 CVE Published
- Apr 24, 2026 CVE Updated
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2022:5704 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2082400 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_5704.json advisory
- https://access.redhat.com/security/cve/CVE-2022-29173 advisory
- https://www.cve.org/CVERecord?id=CVE-2022-29173 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-29173 advisory
- https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-66x3-6cw3-v5gj advisory