RHSA-2023%3A6061
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8 | *, openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64, openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64 |
| Red Hat | openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8 | openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64, *, openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64 |
| Red Hat | openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8 | *, *, * |
| Red Hat | openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8 | openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le, *, openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le |
| Red Hat | openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8 | openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le, openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le, openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le |
| Red Hat | openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8 | openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64, openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64, * |
| Red Hat | openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8 | openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64, openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64, openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64 |
| Red Hat | openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8 | openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64, *, * |
| Red Hat | openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8 | openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64, *, openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64 |
| Red Hat | openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8 | openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64, openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64, openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64 |
| Red Hat | openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8 | *, openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64, * |
| Red Hat | openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8 | openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le, openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le, * |
| Red Hat | openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8 | openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le, *, openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le |
| Red Hat | openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8 | openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64, openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64, openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64 |
| Red Hat | openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8 | *, openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64, openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64 |
| Red Hat | openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8 | openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64, openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64, openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64 |
| Red Hat | openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8 | openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64, *, * |
| Red Hat | openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8 | openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64, openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64, * |
| Red Hat | openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8 | openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x, *, openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x |
| Red Hat | openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8 | openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x, openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x, openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x |
…and 181 more
Timeline
- Oct 23, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 21, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:6061 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://docs.openshift.com/pipelines/1.12/about/understanding-openshift-pipelines.html advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2242803 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://issues.redhat.com/browse/SRVKP-3550 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6061.json advisory
- https://access.redhat.com/security/cve/CVE-2023-39325 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-39325 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-39325 advisory
- https://access.redhat.com/security/cve/CVE-2023-44487 advisory
- https://go.dev/issue/63417 advisory
- https://pkg.go.dev/vuln/GO-2023-2102 advisory
- https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-44487 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-44487 advisory
- https://github.com/dotnet/announcements/issues/277 advisory
- https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog exploit