VDB
RHSA-2024%3A0271
RHSA-2024%3A0271
PUBLISHED
CVSS 6.099999904632568 MEDIUM
An Improper Input Validation flaw was found in follow-redirects due to the improper handling of URLs by the url.parse() function. When a new URL() throws an error, it can be manipulated to misinterpret the hostname. This issue could allow an attacker to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.
Risk Scores
CVSS 3.1
6.099999904632568
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift-logging/elasticsearch-rhel9-operator@sha256:6610a81367c9756c7594776df704eec06f850a7fa6d71e2e7d0f5d0d264f8ae4_arm64 as a component of RHOL 5.8 for RHEL 9 | openshift-logging/elasticsearch-rhel9-operator@sha256:6610a81367c9756c7594776df704eec06f850a7fa6d71e2e7d0f5d0d264f8ae4_arm64 |
| Red Hat | openshift-logging/vector-rhel9@sha256:48476d55920f42b3e23328f1a1c7061f1f012422c9fd76ce134d730c266e602c_amd64 as a component of RHOL 5.8 for RHEL 9 | openshift-logging/vector-rhel9@sha256:48476d55920f42b3e23328f1a1c7061f1f012422c9fd76ce134d730c266e602c_amd64 |
| Red Hat | openshift-logging/lokistack-gateway-rhel9@sha256:e4f68d74456f57ab2e0b9990b253b960e129215d02dcaa0056c9f792dce8f47c_ppc64le as a component of RHOL 5.8 for RHEL 9 | openshift-logging/lokistack-gateway-rhel9@sha256:e4f68d74456f57ab2e0b9990b253b960e129215d02dcaa0056c9f792dce8f47c_ppc64le |
| Red Hat | openshift-logging/log-file-metric-exporter-rhel9@sha256:082467ef380546b4c735b500d4e1a265ab22fff833a4f3b2487aa5deca2c1fff_arm64 as a component of RHOL 5.8 for RHEL 9 | * |
| Red Hat | openshift-logging/elasticsearch-rhel9-operator@sha256:a74e0d9f9cb0e8832871cd46683dd016836895666ea1e5641dde03dfc5a6d366_s390x as a component of RHOL 5.8 for RHEL 9 | openshift-logging/elasticsearch-rhel9-operator@sha256:a74e0d9f9cb0e8832871cd46683dd016836895666ea1e5641dde03dfc5a6d366_s390x |
| Red Hat | openshift-logging/vector-rhel9@sha256:f68deb3d8ec1e158a98876d067b9795da5ac6c73b07c190355463f210d84f777_arm64 as a component of RHOL 5.8 for RHEL 9 | openshift-logging/vector-rhel9@sha256:f68deb3d8ec1e158a98876d067b9795da5ac6c73b07c190355463f210d84f777_arm64 |
| Red Hat | openshift-logging/logging-loki-rhel9@sha256:1912a174442d6dc57076f40da6a55f4c9ed99af5d9dc69d4012197c43a84f7f5_arm64 as a component of RHOL 5.8 for RHEL 9 | openshift-logging/logging-loki-rhel9@sha256:1912a174442d6dc57076f40da6a55f4c9ed99af5d9dc69d4012197c43a84f7f5_arm64 |
| Red Hat | openshift-logging/elasticsearch-rhel9-operator@sha256:bbf5559a1f54476343588d51b70051d53a528964d4a903ebb3b1059717f4047b_ppc64le as a component of RHOL 5.8 for RHEL 9 | openshift-logging/elasticsearch-rhel9-operator@sha256:bbf5559a1f54476343588d51b70051d53a528964d4a903ebb3b1059717f4047b_ppc64le |
| Red Hat | openshift-logging/elasticsearch-proxy-rhel9@sha256:d2f6c4ca49c88013e393ef0a002a920a413d15d185bb37eccc790cbe8ed0ce1a_arm64 as a component of RHOL 5.8 for RHEL 9 | openshift-logging/elasticsearch-proxy-rhel9@sha256:d2f6c4ca49c88013e393ef0a002a920a413d15d185bb37eccc790cbe8ed0ce1a_arm64 |
| Red Hat | openshift-logging/loki-rhel9-operator@sha256:63a5a10f98a8e4b624bfdfba7a22ca4ddc06e484c0489f43984a4940c872a7f6_arm64 as a component of RHOL 5.8 for RHEL 9 | * |
| Red Hat | openshift-logging/log-file-metric-exporter-rhel9@sha256:f4d85801afb9152dc18e19742c8c5fb9377029ebb27b34134babaa689898e63d_ppc64le as a component of RHOL 5.8 for RHEL 9 | openshift-logging/log-file-metric-exporter-rhel9@sha256:f4d85801afb9152dc18e19742c8c5fb9377029ebb27b34134babaa689898e63d_ppc64le |
| Red Hat | openshift-logging/opa-openshift-rhel9@sha256:acf20ad7502728e06d2c1b8c6045ab06a70ddd98dbeeb61da67bafc5034b0ccb_s390x as a component of RHOL 5.8 for RHEL 9 | openshift-logging/opa-openshift-rhel9@sha256:acf20ad7502728e06d2c1b8c6045ab06a70ddd98dbeeb61da67bafc5034b0ccb_s390x |
| Red Hat | openshift-logging/elasticsearch-rhel9-operator@sha256:9168f2c9a554251544847cdbc5011f9ae74e27aa1c176803327876ecfe88b73d_amd64 as a component of RHOL 5.8 for RHEL 9 | openshift-logging/elasticsearch-rhel9-operator@sha256:9168f2c9a554251544847cdbc5011f9ae74e27aa1c176803327876ecfe88b73d_amd64 |
| Red Hat | openshift-logging/logging-loki-rhel9@sha256:762c5b6ab9bd4f9c503bca18546552ab35ae4f2006f61b85ead8ad9c7f16f5b7_amd64 as a component of RHOL 5.8 for RHEL 9 | openshift-logging/logging-loki-rhel9@sha256:762c5b6ab9bd4f9c503bca18546552ab35ae4f2006f61b85ead8ad9c7f16f5b7_amd64 |
| Red Hat | openshift-logging/vector-rhel9@sha256:48476d55920f42b3e23328f1a1c7061f1f012422c9fd76ce134d730c266e602c_amd64 as a component of RHOL 5.8 for RHEL 9 | * |
| Red Hat | openshift-logging/opa-openshift-rhel9@sha256:acf20ad7502728e06d2c1b8c6045ab06a70ddd98dbeeb61da67bafc5034b0ccb_s390x as a component of RHOL 5.8 for RHEL 9 | openshift-logging/opa-openshift-rhel9@sha256:acf20ad7502728e06d2c1b8c6045ab06a70ddd98dbeeb61da67bafc5034b0ccb_s390x |
| Red Hat | openshift-logging/lokistack-gateway-rhel9@sha256:e4f68d74456f57ab2e0b9990b253b960e129215d02dcaa0056c9f792dce8f47c_ppc64le as a component of RHOL 5.8 for RHEL 9 | openshift-logging/lokistack-gateway-rhel9@sha256:e4f68d74456f57ab2e0b9990b253b960e129215d02dcaa0056c9f792dce8f47c_ppc64le |
| Red Hat | openshift-logging/logging-view-plugin-rhel9@sha256:f0583ebd88535e3c3a42b9d2e51bb5daa4bfc02a2ecdfa2047ed507276714d24_s390x as a component of RHOL 5.8 for RHEL 9 | openshift-logging/logging-view-plugin-rhel9@sha256:f0583ebd88535e3c3a42b9d2e51bb5daa4bfc02a2ecdfa2047ed507276714d24_s390x |
| Red Hat | openshift-logging/logging-curator5-rhel9@sha256:a79195d8555bdb337039076da493afa5759d4cae0ff8a71d17f06e2a181157bf_amd64 as a component of RHOL 5.8 for RHEL 9 | openshift-logging/logging-curator5-rhel9@sha256:a79195d8555bdb337039076da493afa5759d4cae0ff8a71d17f06e2a181157bf_amd64 |
| Red Hat | openshift-logging/lokistack-gateway-rhel9@sha256:6ca1c5cba53d81bd2deb524e137fab40230b88b134d75077e13e8464ab5d5a35_s390x as a component of RHOL 5.8 for RHEL 9 | * |
…and 98 more
Timeline
- Jan 17, 2024 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 30, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2024:0271 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2256413 issue
- https://issues.redhat.com/browse/LOG-4890 advisory
- https://issues.redhat.com/browse/LOG-4912 advisory
- https://issues.redhat.com/browse/LOG-4947 advisory
- https://issues.redhat.com/browse/LOG-4951 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0271.json advisory
- https://access.redhat.com/security/cve/CVE-2023-26159 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-26159 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-26159 advisory