RHSA-2024:1925
PUBLISHED
CVSS 6.5 MEDIUM
A flaw was found in Axios that may expose a confidential session token. This issue can allow a remote attacker to bypass security measures and view sensitive data.
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | rhmtc/openshift-migration-ui-rhel8@sha256:902ba355ec98d5d07c8994f0a7897ce1403dad657d6c8e3aa9a0d7adcbcec515_amd64 as a component of 8Base-RHMTC-1.8 | rhmtc/openshift-migration-ui-rhel8@sha256:902ba355ec98d5d07c8994f0a7897ce1403dad657d6c8e3aa9a0d7adcbcec515_amd64, rhmtc/openshift-migration-ui-rhel8@sha256:902ba355ec98d5d07c8994f0a7897ce1403dad657d6c8e3aa9a0d7adcbcec515_amd64, rhmtc/openshift-migration-ui-rhel8@sha256:902ba355ec98d5d07c8994f0a7897ce1403dad657d6c8e3aa9a0d7adcbcec515_amd64 |
| Red Hat | rhmtc/openshift-migration-hook-runner-rhel8@sha256:b23a8caf24c7006abd0b60d30d0274f65c3e246ee9afa4172dbdfcfdb1ab1f56_amd64 as a component of 8Base-RHMTC-1.8 | *, rhmtc/openshift-migration-hook-runner-rhel8@sha256:b23a8caf24c7006abd0b60d30d0274f65c3e246ee9afa4172dbdfcfdb1ab1f56_amd64, * |
| Red Hat | rhmtc/openshift-migration-controller-rhel8@sha256:f8bb40b67361ce71c049a6c01480b121654e1dbdeb6d4e0de083139799ec896f_amd64 as a component of 8Base-RHMTC-1.8 | rhmtc/openshift-migration-controller-rhel8@sha256:f8bb40b67361ce71c049a6c01480b121654e1dbdeb6d4e0de083139799ec896f_amd64, *, rhmtc/openshift-migration-controller-rhel8@sha256:f8bb40b67361ce71c049a6c01480b121654e1dbdeb6d4e0de083139799ec896f_amd64 |
| Red Hat | rhmtc/openshift-migration-openvpn-rhel8@sha256:352748648fdb5c8fd3e70c893ece3577e197c98ee668a85273ad0039b652f3f3_amd64 as a component of 8Base-RHMTC-1.8 | *, rhmtc/openshift-migration-openvpn-rhel8@sha256:352748648fdb5c8fd3e70c893ece3577e197c98ee668a85273ad0039b652f3f3_amd64, * |
| Red Hat | rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b0f5036015c0b272e403e706ab40e2cdc3b76072cdb0c5bef0cc1531dc6901fc_amd64 as a component of 8Base-RHMTC-1.8 | *, rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b0f5036015c0b272e403e706ab40e2cdc3b76072cdb0c5bef0cc1531dc6901fc_amd64, rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b0f5036015c0b272e403e706ab40e2cdc3b76072cdb0c5bef0cc1531dc6901fc_amd64 |
| Red Hat | rhmtc/openshift-migration-registry-rhel8@sha256:cfbf428a046ca3e673fe10fe4df989c8a286e9e7eaa9461eaa2b09d8c9332292_amd64 as a component of 8Base-RHMTC-1.8 | *, rhmtc/openshift-migration-registry-rhel8@sha256:cfbf428a046ca3e673fe10fe4df989c8a286e9e7eaa9461eaa2b09d8c9332292_amd64, rhmtc/openshift-migration-registry-rhel8@sha256:cfbf428a046ca3e673fe10fe4df989c8a286e9e7eaa9461eaa2b09d8c9332292_amd64 |
| Red Hat | rhmtc/openshift-migration-ui-rhel8@sha256:902ba355ec98d5d07c8994f0a7897ce1403dad657d6c8e3aa9a0d7adcbcec515_amd64 as a component of 8Base-RHMTC-1.8 | rhmtc/openshift-migration-ui-rhel8@sha256:902ba355ec98d5d07c8994f0a7897ce1403dad657d6c8e3aa9a0d7adcbcec515_amd64, *, * |
| Red Hat | rhmtc/openshift-migration-rhel8-operator@sha256:5a0ee2242345f67c5c51d1ca75e6d9a1893676bcea84759b4a6a4282d47d0066_amd64 as a component of 8Base-RHMTC-1.8 | rhmtc/openshift-migration-rhel8-operator@sha256:5a0ee2242345f67c5c51d1ca75e6d9a1893676bcea84759b4a6a4282d47d0066_amd64, *, * |
| Red Hat | rhmtc/openshift-migration-must-gather-rhel8@sha256:41ed4c8a0c1a6730b328eeba4a83fb128a5bffc3549a74375c512d87edf305e2_amd64 as a component of 8Base-RHMTC-1.8 | rhmtc/openshift-migration-must-gather-rhel8@sha256:41ed4c8a0c1a6730b328eeba4a83fb128a5bffc3549a74375c512d87edf305e2_amd64, rhmtc/openshift-migration-must-gather-rhel8@sha256:41ed4c8a0c1a6730b328eeba4a83fb128a5bffc3549a74375c512d87edf305e2_amd64, rhmtc/openshift-migration-must-gather-rhel8@sha256:41ed4c8a0c1a6730b328eeba4a83fb128a5bffc3549a74375c512d87edf305e2_amd64 |
| Red Hat | rhmtc/openshift-migration-hook-runner-rhel8@sha256:b23a8caf24c7006abd0b60d30d0274f65c3e246ee9afa4172dbdfcfdb1ab1f56_amd64 as a component of 8Base-RHMTC-1.8 | rhmtc/openshift-migration-hook-runner-rhel8@sha256:b23a8caf24c7006abd0b60d30d0274f65c3e246ee9afa4172dbdfcfdb1ab1f56_amd64, *, rhmtc/openshift-migration-hook-runner-rhel8@sha256:b23a8caf24c7006abd0b60d30d0274f65c3e246ee9afa4172dbdfcfdb1ab1f56_amd64 |
| Red Hat | rhmtc/openshift-migration-must-gather-rhel8@sha256:41ed4c8a0c1a6730b328eeba4a83fb128a5bffc3549a74375c512d87edf305e2_amd64 as a component of 8Base-RHMTC-1.8 | rhmtc/openshift-migration-must-gather-rhel8@sha256:41ed4c8a0c1a6730b328eeba4a83fb128a5bffc3549a74375c512d87edf305e2_amd64, *, * |
| Red Hat | rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:17d30fd60779b7709db3ed321a44f030ff52c2755c56b25fa3931481c7679ee1_amd64 as a component of 8Base-RHMTC-1.8 | rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:17d30fd60779b7709db3ed321a44f030ff52c2755c56b25fa3931481c7679ee1_amd64, rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:17d30fd60779b7709db3ed321a44f030ff52c2755c56b25fa3931481c7679ee1_amd64, rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:17d30fd60779b7709db3ed321a44f030ff52c2755c56b25fa3931481c7679ee1_amd64 |
| Red Hat | rhmtc/openshift-migration-controller-rhel8@sha256:f8bb40b67361ce71c049a6c01480b121654e1dbdeb6d4e0de083139799ec896f_amd64 as a component of 8Base-RHMTC-1.8 | *, rhmtc/openshift-migration-controller-rhel8@sha256:f8bb40b67361ce71c049a6c01480b121654e1dbdeb6d4e0de083139799ec896f_amd64, rhmtc/openshift-migration-controller-rhel8@sha256:f8bb40b67361ce71c049a6c01480b121654e1dbdeb6d4e0de083139799ec896f_amd64 |
| Red Hat | rhmtc/openshift-migration-operator-bundle@sha256:49b4655b2b31844f4732b8bff1e01b3ca038b6635665caf23cf747790c6074c6_amd64 as a component of 8Base-RHMTC-1.8 | rhmtc/openshift-migration-operator-bundle@sha256:49b4655b2b31844f4732b8bff1e01b3ca038b6635665caf23cf747790c6074c6_amd64, rhmtc/openshift-migration-operator-bundle@sha256:49b4655b2b31844f4732b8bff1e01b3ca038b6635665caf23cf747790c6074c6_amd64, rhmtc/openshift-migration-operator-bundle@sha256:49b4655b2b31844f4732b8bff1e01b3ca038b6635665caf23cf747790c6074c6_amd64 |
| Red Hat | rhmtc/openshift-migration-rhel8-operator@sha256:5a0ee2242345f67c5c51d1ca75e6d9a1893676bcea84759b4a6a4282d47d0066_amd64 as a component of 8Base-RHMTC-1.8 | rhmtc/openshift-migration-rhel8-operator@sha256:5a0ee2242345f67c5c51d1ca75e6d9a1893676bcea84759b4a6a4282d47d0066_amd64, rhmtc/openshift-migration-rhel8-operator@sha256:5a0ee2242345f67c5c51d1ca75e6d9a1893676bcea84759b4a6a4282d47d0066_amd64, * |
| Red Hat | rhmtc/openshift-migration-log-reader-rhel8@sha256:cf04aecf798695488d782ab240539c6c76ded0e392db812d7a1e81194d6713f5_amd64 as a component of 8Base-RHMTC-1.8 | rhmtc/openshift-migration-log-reader-rhel8@sha256:cf04aecf798695488d782ab240539c6c76ded0e392db812d7a1e81194d6713f5_amd64, rhmtc/openshift-migration-log-reader-rhel8@sha256:cf04aecf798695488d782ab240539c6c76ded0e392db812d7a1e81194d6713f5_amd64, rhmtc/openshift-migration-log-reader-rhel8@sha256:cf04aecf798695488d782ab240539c6c76ded0e392db812d7a1e81194d6713f5_amd64 |
| Red Hat | rhmtc/openshift-migration-openvpn-rhel8@sha256:352748648fdb5c8fd3e70c893ece3577e197c98ee668a85273ad0039b652f3f3_amd64 as a component of 8Base-RHMTC-1.8 | rhmtc/openshift-migration-openvpn-rhel8@sha256:352748648fdb5c8fd3e70c893ece3577e197c98ee668a85273ad0039b652f3f3_amd64, rhmtc/openshift-migration-openvpn-rhel8@sha256:352748648fdb5c8fd3e70c893ece3577e197c98ee668a85273ad0039b652f3f3_amd64, rhmtc/openshift-migration-openvpn-rhel8@sha256:352748648fdb5c8fd3e70c893ece3577e197c98ee668a85273ad0039b652f3f3_amd64 |
| Red Hat | rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b0f5036015c0b272e403e706ab40e2cdc3b76072cdb0c5bef0cc1531dc6901fc_amd64 as a component of 8Base-RHMTC-1.8 | rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b0f5036015c0b272e403e706ab40e2cdc3b76072cdb0c5bef0cc1531dc6901fc_amd64, rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b0f5036015c0b272e403e706ab40e2cdc3b76072cdb0c5bef0cc1531dc6901fc_amd64, rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b0f5036015c0b272e403e706ab40e2cdc3b76072cdb0c5bef0cc1531dc6901fc_amd64 |
| Red Hat | rhmtc/openshift-migration-operator-bundle@sha256:49b4655b2b31844f4732b8bff1e01b3ca038b6635665caf23cf747790c6074c6_amd64 as a component of 8Base-RHMTC-1.8 | rhmtc/openshift-migration-operator-bundle@sha256:49b4655b2b31844f4732b8bff1e01b3ca038b6635665caf23cf747790c6074c6_amd64, *, rhmtc/openshift-migration-operator-bundle@sha256:49b4655b2b31844f4732b8bff1e01b3ca038b6635665caf23cf747790c6074c6_amd64 |
| Red Hat | rhmtc/openshift-migration-registry-rhel8@sha256:cfbf428a046ca3e673fe10fe4df989c8a286e9e7eaa9461eaa2b09d8c9332292_amd64 as a component of 8Base-RHMTC-1.8 | *, rhmtc/openshift-migration-registry-rhel8@sha256:cfbf428a046ca3e673fe10fe4df989c8a286e9e7eaa9461eaa2b09d8c9332292_amd64, * |
…and 2 more
Exploit Intelligence
- fuyuooumi1027/CVE-2023-45857-Demo (github-poc)
- Demo to check the behavior of CVE-2023-45857 (github-poc)
- valentin-panov/CVE-2023-45857 (github-poc)
- scan.openvex.json (github-poc)
- cve_db.json (github-poc)
- handlers.endpoints.ts (github-poc)
- handlers-original.ts (github-poc)
Timeline
- Apr 18, 2024 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 16, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2024:1925 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2242064 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2248979 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2267018 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2268046 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1925.json advisory
- https://access.redhat.com/security/cve/CVE-2023-45857 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-45857 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-45857 advisory
- https://access.redhat.com/security/cve/CVE-2024-24786 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-24786 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-24786 advisory
- https://go.dev/cl/569356 advisory
- https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/ advisory
- https://pkg.go.dev/vuln/GO-2024-2611 advisory