VDB
RHSA-2024%3A1265
RHSA-2024%3A1265
PUBLISHED
CVSS 4.300000190734863 MEDIUM
A flaw was found in the helm package. The 'getHostByName' is a Helm template function introduced in Helm v3 and can accept a hostname and return an IP address for that hostname. To get the IP address, the function performs a DNS lookup. The DNS lookup happens when used with 'helm install|upgrade|template' or when the Helm SDK is used to render a chart. Information passed into the chart can be disclosed to the DNS servers used to look up the IP address. For example, a malicious chart could inject getHostByName into a chart to disclose values to a malicious DNS server.
Risk Scores
CVSS 3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-csi-node-driver-registrar-rhel8@sha256:c84a07bf89c2251bdc8f47afbe2c252320cd406e6a71a2aa7e6ab597c1037647_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-node-driver-registrar-rhel8@sha256:c84a07bf89c2251bdc8f47afbe2c252320cd406e6a71a2aa7e6ab597c1037647_amd64, openshift4/ose-csi-node-driver-registrar-rhel8@sha256:c84a07bf89c2251bdc8f47afbe2c252320cd406e6a71a2aa7e6ab597c1037647_amd64 |
| Red Hat | openshift4/ose-cluster-dns-operator@sha256:4c62de809142d32c44bbdb51c50ee5b586f853fff7e16f5f435dcc3aebb2454c_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-cluster-dns-operator@sha256:4c62de809142d32c44bbdb51c50ee5b586f853fff7e16f5f435dcc3aebb2454c_ppc64le |
| Red Hat | openshift4/ose-cluster-node-tuning-operator@sha256:a28ddd2a89b008f56a57066f971b020e0ccc2da82a66bda01433f6299c9762a5_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-cluster-node-tuning-operator@sha256:a28ddd2a89b008f56a57066f971b020e0ccc2da82a66bda01433f6299c9762a5_ppc64le |
| Red Hat | openshift4/ose-cluster-cloud-controller-manager-operator-rhel8@sha256:6100c03e2164b3b70759b4ef9d64bf1fc39ba109f43658cb78b3f78bbbd6b26d_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-cluster-cloud-controller-manager-operator-rhel8@sha256:6100c03e2164b3b70759b4ef9d64bf1fc39ba109f43658cb78b3f78bbbd6b26d_s390x, openshift4/ose-cluster-cloud-controller-manager-operator-rhel8@sha256:6100c03e2164b3b70759b4ef9d64bf1fc39ba109f43658cb78b3f78bbbd6b26d_s390x |
| Red Hat | openshift4/ose-coredns@sha256:ee42b62ae8fd01b469c93d905f746e9624bafdf91b37ce45554235015e1f285e_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | *, openshift4/ose-coredns@sha256:ee42b62ae8fd01b469c93d905f746e9624bafdf91b37ce45554235015e1f285e_arm64 |
| Red Hat | openshift4/ose-cluster-bootstrap@sha256:78876ac6bc87a3277c2c0d8c067e9466ff16616145965bcb07c5ffcd5a623a47_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-cluster-bootstrap@sha256:78876ac6bc87a3277c2c0d8c067e9466ff16616145965bcb07c5ffcd5a623a47_amd64 |
| Red Hat | openshift4/ose-cluster-openshift-apiserver-operator@sha256:059eb282b0c6419f7bd5b1d4a6e007ef285aa3a1bee82726e0ba9aad6f5ae835_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-cluster-openshift-apiserver-operator@sha256:059eb282b0c6419f7bd5b1d4a6e007ef285aa3a1bee82726e0ba9aad6f5ae835_s390x |
| Red Hat | openshift4/ose-baremetal-machine-controllers@sha256:ae0ae513ddfa55e88acf84894990517d69e45afba5a86586b9a7e0158b31f1fc_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-baremetal-machine-controllers@sha256:ae0ae513ddfa55e88acf84894990517d69e45afba5a86586b9a7e0158b31f1fc_amd64, openshift4/ose-baremetal-machine-controllers@sha256:ae0ae513ddfa55e88acf84894990517d69e45afba5a86586b9a7e0158b31f1fc_amd64 |
| Red Hat | openshift4/ose-agent-installer-csr-approver-rhel8@sha256:886749dc369b7f6fe73c4191b55a86610fd70d5ab4e9ea62d8664c45cbf47f14_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-agent-installer-csr-approver-rhel8@sha256:886749dc369b7f6fe73c4191b55a86610fd70d5ab4e9ea62d8664c45cbf47f14_s390x |
| Red Hat | openshift4/ose-csi-external-provisioner@sha256:eb9e0d790d6b3f5298714c09cc96ea8edc801e4a3200f13273b7b894a4ee8a05_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | *, * |
| Red Hat | openshift4/ose-cluster-cloud-controller-manager-operator-rhel8@sha256:1930e8970eaf09a4577a96ce2ef582af046543832375426564c6ebe6e5e92cf9_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-cluster-cloud-controller-manager-operator-rhel8@sha256:1930e8970eaf09a4577a96ce2ef582af046543832375426564c6ebe6e5e92cf9_arm64 |
| Red Hat | openshift4/ose-openstack-cinder-csi-driver-rhel8-operator@sha256:d27f1740af99aa006b6b8b27697915b1383cdaafec38f79827448c9326fac741_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-openstack-cinder-csi-driver-rhel8-operator@sha256:d27f1740af99aa006b6b8b27697915b1383cdaafec38f79827448c9326fac741_s390x, openshift4/ose-openstack-cinder-csi-driver-rhel8-operator@sha256:d27f1740af99aa006b6b8b27697915b1383cdaafec38f79827448c9326fac741_s390x |
| Red Hat | openshift4/ovirt-csi-driver-rhel7@sha256:52161b7f0de7b2bb7ecf556f75667ed7bc33ac8b1e9033f2a1cb350c45af96bd_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ovirt-csi-driver-rhel7@sha256:52161b7f0de7b2bb7ecf556f75667ed7bc33ac8b1e9033f2a1cb350c45af96bd_arm64, openshift4/ovirt-csi-driver-rhel7@sha256:52161b7f0de7b2bb7ecf556f75667ed7bc33ac8b1e9033f2a1cb350c45af96bd_arm64 |
| Red Hat | openshift4/ose-ironic-rhel9@sha256:b4b915e4c06f64dd2f588ef7b6def9043461c6f6de3a7e799f6e5d9f04ca368d_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-ironic-rhel9@sha256:b4b915e4c06f64dd2f588ef7b6def9043461c6f6de3a7e799f6e5d9f04ca368d_amd64 |
| Red Hat | openshift4/ose-aws-cluster-api-controllers-rhel8@sha256:00137d6388917a32049edb7ea47749a5cf378ea85ddfdf188bf9efd518813500_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-aws-cluster-api-controllers-rhel8@sha256:00137d6388917a32049edb7ea47749a5cf378ea85ddfdf188bf9efd518813500_arm64 |
| Red Hat | openshift4/ose-installer@sha256:d1f8ca0e60d7d17c7e906f65d2943b04b39d35a5ff2159270cb80534e6e0de15_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-installer@sha256:d1f8ca0e60d7d17c7e906f65d2943b04b39d35a5ff2159270cb80534e6e0de15_arm64, * |
| Red Hat | openshift4/ose-cluster-ingress-operator@sha256:7bf227f7199d30a7629287af18df0fe0f37f0a4ab29b003bd7693b17c786d8a1_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | *, openshift4/ose-cluster-ingress-operator@sha256:7bf227f7199d30a7629287af18df0fe0f37f0a4ab29b003bd7693b17c786d8a1_ppc64le |
| Red Hat | openshift4/ose-prom-label-proxy@sha256:61f6f0c9902709a0634ab4cf7555b733393a46917b656c39042e7d9ad9aadebb_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-prom-label-proxy@sha256:61f6f0c9902709a0634ab4cf7555b733393a46917b656c39042e7d9ad9aadebb_ppc64le, openshift4/ose-prom-label-proxy@sha256:61f6f0c9902709a0634ab4cf7555b733393a46917b656c39042e7d9ad9aadebb_ppc64le |
| Red Hat | openshift4/ose-csi-snapshot-controller-rhel8@sha256:441dcc0b7e3adbfb5cb15f660f301c89679b2743ae20dc7a9c3e0b75aabbcb90_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-snapshot-controller-rhel8@sha256:441dcc0b7e3adbfb5cb15f660f301c89679b2743ae20dc7a9c3e0b75aabbcb90_amd64 |
| Red Hat | openshift4/ose-cluster-capi-rhel8-operator@sha256:2492be4d4efb15b6b61d63b294c693110932be4810a8ac687109fe9d4fd67e85_s390x as a component of Red Hat OpenShift Container Platform 4.12 | *, openshift4/ose-cluster-capi-rhel8-operator@sha256:2492be4d4efb15b6b61d63b294c693110932be4810a8ac687109fe9d4fd67e85_s390x |
…and 1264 more
Timeline
- Mar 20, 2024 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 7, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2024:1265 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2168458 issue
- https://issues.redhat.com/browse/OCPBUGS-16243 advisory
- https://issues.redhat.com/browse/OCPBUGS-19659 advisory
- https://issues.redhat.com/browse/OCPBUGS-30096 advisory
- https://issues.redhat.com/browse/OCPBUGS-30329 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1265.json advisory
- https://access.redhat.com/security/cve/CVE-2023-25165 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-25165 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-25165 advisory
- https://github.com/helm/helm/security/advisories/GHSA-pwcw-6f5g-gxf8 advisory