VDB
RHSA-2024%3A3314
RHSA-2024%3A3314
PUBLISHED
CVSS 6.099999904632568 MEDIUM
An Improper Input Validation flaw was found in follow-redirects due to the improper handling of URLs by the url.parse() function. When a new URL() throws an error, it can be manipulated to misinterpret the hostname. This issue could allow an attacker to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.
Risk Scores
CVSS 3.1
6.099999904632568
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:8aca3b0011d9ee1f5983ae732de79968c2e4a48ed0720343490db30f92797b05_amd64 as a component of CNV 4.15 for RHEL 9 | * |
| Red Hat | container-native-virtualization/virt-cdi-importer-rhel9@sha256:f75d71f94736353d3e1c4d01ab20c7dfb94e7c11c42fd8396393b96d6e3f5fa9_amd64 as a component of CNV 4.15 for RHEL 9 | container-native-virtualization/virt-cdi-importer-rhel9@sha256:f75d71f94736353d3e1c4d01ab20c7dfb94e7c11c42fd8396393b96d6e3f5fa9_amd64 |
| Red Hat | container-native-virtualization/kubevirt-common-instancetypes-rhel9@sha256:d438ddcf84de78b0235e340bc08002e2afb56d8a7f4a0c89f71bbb6564b7982e_amd64 as a component of CNV 4.15 for RHEL 9 | container-native-virtualization/kubevirt-common-instancetypes-rhel9@sha256:d438ddcf84de78b0235e340bc08002e2afb56d8a7f4a0c89f71bbb6564b7982e_amd64 |
| Red Hat | container-native-virtualization/virt-handler-rhel9@sha256:cd4804ff3dfb0b64981ca3bda3f160c61cdce5722c40283cfa248e039d23253b_arm64 as a component of CNV 4.15 for RHEL 9 | * |
| Red Hat | container-native-virtualization/virt-launcher-rhel9@sha256:0c0ed8df6ce1774cec46b0865fc43d6a0cd61c3ba1024379cd2041a5d1f54211_arm64 as a component of CNV 4.15 for RHEL 9 | container-native-virtualization/virt-launcher-rhel9@sha256:0c0ed8df6ce1774cec46b0865fc43d6a0cd61c3ba1024379cd2041a5d1f54211_arm64 |
| Red Hat | container-native-virtualization/kubevirt-template-validator-rhel9@sha256:7221d0f9ec2bb8fe10d6fa7557358f6809870ceca6abffff76fbaa9ffb89bfa9_arm64 as a component of CNV 4.15 for RHEL 9 | container-native-virtualization/kubevirt-template-validator-rhel9@sha256:7221d0f9ec2bb8fe10d6fa7557358f6809870ceca6abffff76fbaa9ffb89bfa9_arm64 |
| Red Hat | container-native-virtualization/kubevirt-apiserver-proxy-rhel9@sha256:68d4683b131e3d8d76af5c17e3a50e36c6ea9d1e9fe4fb32a519f830bcf98eaa_amd64 as a component of CNV 4.15 for RHEL 9 | container-native-virtualization/kubevirt-apiserver-proxy-rhel9@sha256:68d4683b131e3d8d76af5c17e3a50e36c6ea9d1e9fe4fb32a519f830bcf98eaa_amd64 |
| Red Hat | container-native-virtualization/virt-cdi-controller-rhel9@sha256:a9f98265d1898998206ff81490d53dad15fe32368cb24d3d270f6bb6588269bf_arm64 as a component of CNV 4.15 for RHEL 9 | * |
| Red Hat | container-native-virtualization/kubesecondarydns-rhel9@sha256:c18f0a4a085ffbbd0737cada237bb1965242648fb938317cde86d26670785d97_amd64 as a component of CNV 4.15 for RHEL 9 | container-native-virtualization/kubesecondarydns-rhel9@sha256:c18f0a4a085ffbbd0737cada237bb1965242648fb938317cde86d26670785d97_amd64 |
| Red Hat | container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:7291554489004db05824fe6087480c86e7d2307dce8e4a66fe23bd6df4734406_amd64 as a component of CNV 4.15 for RHEL 9 | container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:7291554489004db05824fe6087480c86e7d2307dce8e4a66fe23bd6df4734406_amd64 |
| Red Hat | container-native-virtualization/pr-helper-rhel9@sha256:c122c6bc64b926709fa42f9c37579b4cd412a4c032ddfab1e89edd5610ad6700_amd64 as a component of CNV 4.15 for RHEL 9 | * |
| Red Hat | container-native-virtualization/kubemacpool-rhel9@sha256:17727cf133d3fbf9865bf7f9ae1a09a40fd0d21114a38a046ecffeac26ec2e61_arm64 as a component of CNV 4.15 for RHEL 9 | * |
| Red Hat | container-native-virtualization/kubevirt-apiserver-proxy-rhel9@sha256:c8a7b80129aeb6ec0ce7a5adfb3541c898fc21995500fd5a8bd67cd2192b2578_arm64 as a component of CNV 4.15 for RHEL 9 | container-native-virtualization/kubevirt-apiserver-proxy-rhel9@sha256:c8a7b80129aeb6ec0ce7a5adfb3541c898fc21995500fd5a8bd67cd2192b2578_arm64 |
| Red Hat | container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:9bf95180f0cd4ebea96e0041df8d1fbfa9854029cfdd744360463bacd2ae444e_amd64 as a component of CNV 4.15 for RHEL 9 | container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:9bf95180f0cd4ebea96e0041df8d1fbfa9854029cfdd744360463bacd2ae444e_amd64 |
| Red Hat | container-native-virtualization/libguestfs-tools-rhel9@sha256:de720a20dda05a48de4e72582b0914d3b5ee5cad5a637efdac38dbb0654b991d_amd64 as a component of CNV 4.15 for RHEL 9 | container-native-virtualization/libguestfs-tools-rhel9@sha256:de720a20dda05a48de4e72582b0914d3b5ee5cad5a637efdac38dbb0654b991d_amd64 |
| Red Hat | container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:66fa300a526204e9f4925b5a7d554bcce225935385625e040cee6fe75a44578d_amd64 as a component of CNV 4.15 for RHEL 9 | * |
| Red Hat | container-native-virtualization/multus-dynamic-networks-rhel9@sha256:8699359b01ca935c95c5e4c91e082243f3b0fd388b76041ad28ebb501c86cc9a_arm64 as a component of CNV 4.15 for RHEL 9 | container-native-virtualization/multus-dynamic-networks-rhel9@sha256:8699359b01ca935c95c5e4c91e082243f3b0fd388b76041ad28ebb501c86cc9a_arm64 |
| Red Hat | container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:abf9f568d866433b9c1a4f08b63ca6f11543171882694179b37b70feb75257de_amd64 as a component of CNV 4.15 for RHEL 9 | container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:abf9f568d866433b9c1a4f08b63ca6f11543171882694179b37b70feb75257de_amd64 |
| Red Hat | container-native-virtualization/vm-console-proxy-rhel9@sha256:100e1d5216b5ca9343eb58e61cfc77c069bf0e137a3ec67da519c4ed6d272b5d_amd64 as a component of CNV 4.15 for RHEL 9 | container-native-virtualization/vm-console-proxy-rhel9@sha256:100e1d5216b5ca9343eb58e61cfc77c069bf0e137a3ec67da519c4ed6d272b5d_amd64 |
| Red Hat | container-native-virtualization/ovs-cni-plugin-rhel9@sha256:9eb2dfb42ad50e6fe431a8518304712da3a35d21a0d2e609b281c6b45f3fbc76_amd64 as a component of CNV 4.15 for RHEL 9 | container-native-virtualization/ovs-cni-plugin-rhel9@sha256:9eb2dfb42ad50e6fe431a8518304712da3a35d21a0d2e609b281c6b45f3fbc76_amd64 |
…and 80 more
Timeline
- May 23, 2024 CVE Published
- Apr 25, 2026 CVE Updated
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2024:3314 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2248979 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2256413 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2268273 issue
- https://issues.redhat.com/browse/CNV-34292 advisory
- https://issues.redhat.com/browse/CNV-34963 advisory
- https://issues.redhat.com/browse/CNV-37007 advisory
- https://issues.redhat.com/browse/CNV-37018 advisory
- https://issues.redhat.com/browse/CNV-38360 advisory
- https://issues.redhat.com/browse/CNV-38599 advisory
- https://issues.redhat.com/browse/CNV-38661 advisory
- https://issues.redhat.com/browse/CNV-38699 advisory
- https://issues.redhat.com/browse/CNV-38845 advisory
- https://issues.redhat.com/browse/CNV-39100 advisory
- https://issues.redhat.com/browse/CNV-39557 advisory
- https://issues.redhat.com/browse/CNV-39686 advisory
- https://issues.redhat.com/browse/CNV-39704 advisory
- https://issues.redhat.com/browse/CNV-40159 advisory
- https://issues.redhat.com/browse/CNV-40904 advisory
…and 14 more