VDB

RHSA-2023%3A0032

RHSA-2023%3A0032 PUBLISHED CVSS 9.100000381469727 CRITICAL

An authentication bypass flaw was discovered in the crewjam/saml go package. A remote unauthenticated attacker could trigger it by sending a SAML request. This would allow an escalation of privileges and then enable compromising system integrity.

Risk Scores

CVSS 3.1
9.100000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products

VendorProductVersions
Red Hatopenshift4/ose-openshift-apiserver-rhel8@sha256:dce1479b0dd91cce21185c924f31a5558943b74d9cf6258e7e5bc775d6e8ad1d_ppc64le as a component of Red Hat OpenShift Container Platform 4.10openshift4/ose-openshift-apiserver-rhel8@sha256:dce1479b0dd91cce21185c924f31a5558943b74d9cf6258e7e5bc775d6e8ad1d_ppc64le
Red Hatopenshift4/network-tools-rhel8@sha256:8573b14ea58d4d872f0ec62350f889d86da8711bbe1b54d561be180223a8b6b1_s390x as a component of Red Hat OpenShift Container Platform 4.10openshift4/network-tools-rhel8@sha256:8573b14ea58d4d872f0ec62350f889d86da8711bbe1b54d561be180223a8b6b1_s390x
Red Hatopenshift4/ose-openshift-apiserver-rhel8@sha256:bb0d12d26b7c9904681a61c359763d06528df582965d2c28ff5423f2ad2138f3_amd64 as a component of Red Hat OpenShift Container Platform 4.10openshift4/ose-openshift-apiserver-rhel8@sha256:bb0d12d26b7c9904681a61c359763d06528df582965d2c28ff5423f2ad2138f3_amd64
Red Hatopenshift4/ose-grafana@sha256:b927822381bdccdfc57efc1f4cffc40a781597a67a6ccacc624ec1e124c1014b_ppc64le as a component of Red Hat OpenShift Container Platform 4.10openshift4/ose-grafana@sha256:b927822381bdccdfc57efc1f4cffc40a781597a67a6ccacc624ec1e124c1014b_ppc64le
Red Hatopenshift4/ose-ovn-kubernetes@sha256:147592ec0d9bc7cfa4c47e0febf21499eef786eca0cd6d3225b71671b56c0fa6_s390x as a component of Red Hat OpenShift Container Platform 4.10openshift4/ose-ovn-kubernetes@sha256:147592ec0d9bc7cfa4c47e0febf21499eef786eca0cd6d3225b71671b56c0fa6_s390x
Red Hatopenshift4/network-tools-rhel8@sha256:2f2c2be1b97c09f241f03ff7d95ea3b70b7890a6f3d1c0e5f84def067fbc9035_ppc64le as a component of Red Hat OpenShift Container Platform 4.10openshift4/network-tools-rhel8@sha256:2f2c2be1b97c09f241f03ff7d95ea3b70b7890a6f3d1c0e5f84def067fbc9035_ppc64le
Red Hatopenshift4/ose-coredns@sha256:2f792595bb47820f42a7cb86946232ede38a080f71a8dcd70472fa5f0ba17878_ppc64le as a component of Red Hat OpenShift Container Platform 4.10*
Red Hatopenshift4/ose-openshift-apiserver-rhel8@sha256:4e00dae6f99334c436691dcc84477a2825fa9b9bee7bbcdb6c41f52ee8752954_arm64 as a component of Red Hat OpenShift Container Platform 4.10openshift4/ose-openshift-apiserver-rhel8@sha256:4e00dae6f99334c436691dcc84477a2825fa9b9bee7bbcdb6c41f52ee8752954_arm64
Red Hatopenshift4/ose-jenkins@sha256:403f508fac0b60ffbe94305d0207d445b2ef9f8e8213dddf2e270cd8aab39c60_arm64 as a component of Red Hat OpenShift Container Platform 4.10*
Red Hatopenshift4/network-tools-rhel8@sha256:44b9a12ae0b7f4ab8aa2d3950e3a5051b22fd021e04d0239c2c9dedf9093e796_arm64 as a component of Red Hat OpenShift Container Platform 4.10openshift4/network-tools-rhel8@sha256:44b9a12ae0b7f4ab8aa2d3950e3a5051b22fd021e04d0239c2c9dedf9093e796_arm64
Red Hatopenshift4/ose-installer-artifacts@sha256:22730c4e8968b3de3250aa88dbadace1b1bfb6f829e59acd524eca4da44ebe93_ppc64le as a component of Red Hat OpenShift Container Platform 4.10openshift4/ose-installer-artifacts@sha256:22730c4e8968b3de3250aa88dbadace1b1bfb6f829e59acd524eca4da44ebe93_ppc64le
Red Hatopenshift4/ose-jenkins@sha256:e7e167fb7a1da4915352db4c3b880e16600609f51aa3298c804754d1aebb1498_s390x as a component of Red Hat OpenShift Container Platform 4.10openshift4/ose-jenkins@sha256:e7e167fb7a1da4915352db4c3b880e16600609f51aa3298c804754d1aebb1498_s390x
Red Hatopenshift4/ose-installer@sha256:c2474f55e91e9ca0d23539e4c4ca76d40253ff4f6b98714a7ad4b754b68c1441_s390x as a component of Red Hat OpenShift Container Platform 4.10*
Red Hatopenshift4/ose-grafana@sha256:8699c2d0eaf805462510f70e326f4d495b109572df73e7361593263e889e6107_amd64 as a component of Red Hat OpenShift Container Platform 4.10openshift4/ose-grafana@sha256:8699c2d0eaf805462510f70e326f4d495b109572df73e7361593263e889e6107_amd64
Red Hatopenshift4/ose-ovn-kubernetes@sha256:64b2bcf2d11e1c3242e44c631bbeecf1a43fa47b9b9e08c00e959f03d7eff791_amd64 as a component of Red Hat OpenShift Container Platform 4.10openshift4/ose-ovn-kubernetes@sha256:64b2bcf2d11e1c3242e44c631bbeecf1a43fa47b9b9e08c00e959f03d7eff791_amd64
Red Hatopenshift4/ose-jenkins@sha256:ddc8129bfaf77caabfaf300b9fe74539cd28816b483db25eb39e43cdc45b5a45_amd64 as a component of Red Hat OpenShift Container Platform 4.10openshift4/ose-jenkins@sha256:ddc8129bfaf77caabfaf300b9fe74539cd28816b483db25eb39e43cdc45b5a45_amd64
Red Hatopenshift4/ose-coredns@sha256:a183b9a24e62b41660b9a435202d3f85c68bbb444dd681d9da46f3eae53659ef_s390x as a component of Red Hat OpenShift Container Platform 4.10openshift4/ose-coredns@sha256:a183b9a24e62b41660b9a435202d3f85c68bbb444dd681d9da46f3eae53659ef_s390x
Red Hatopenshift4/ose-coredns@sha256:1a48579f26ed0fef40069a14b9b95a3062db29bec31c0426136161f40ee18314_amd64 as a component of Red Hat OpenShift Container Platform 4.10openshift4/ose-coredns@sha256:1a48579f26ed0fef40069a14b9b95a3062db29bec31c0426136161f40ee18314_amd64
Red Hatopenshift4/ose-installer-artifacts@sha256:ecf132565c23974b8a88b6bd20d62124dcd6ec22656f64bc8a33f8023f34d5a2_s390x as a component of Red Hat OpenShift Container Platform 4.10openshift4/ose-installer-artifacts@sha256:ecf132565c23974b8a88b6bd20d62124dcd6ec22656f64bc8a33f8023f34d5a2_s390x
Red Hatopenshift4/ose-installer-artifacts@sha256:5f4bf22946d33bc45a1e0f16097ca56fab6344c937866a49ff1128c22a68b28c_arm64 as a component of Red Hat OpenShift Container Platform 4.10openshift4/ose-installer-artifacts@sha256:5f4bf22946d33bc45a1e0f16097ca56fab6344c937866a49ff1128c22a68b28c_arm64

…and 17 more

Timeline

  • Jan 10, 2023 CVE Published
  • Mar 21, 2026 CVE Updated
  • May 1, 2026 Distribution Patch
  • May 1, 2026 Distribution Patch
  • May 1, 2026 Security Advisory
  • May 1, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›