VDB

RHSA-2024%3A3314

RHSA-2024%3A3314 PUBLISHED CVSS 6.099999904632568 MEDIUM

An Improper Input Validation flaw was found in follow-redirects due to the improper handling of URLs by the url.parse() function. When a new URL() throws an error, it can be manipulated to misinterpret the hostname. This issue could allow an attacker to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.

Risk Scores

CVSS 3.1
6.099999904632568
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products

VendorProductVersions
Red Hatcontainer-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:8aca3b0011d9ee1f5983ae732de79968c2e4a48ed0720343490db30f92797b05_amd64 as a component of CNV 4.15 for RHEL 9*
Red Hatcontainer-native-virtualization/virt-cdi-importer-rhel9@sha256:f75d71f94736353d3e1c4d01ab20c7dfb94e7c11c42fd8396393b96d6e3f5fa9_amd64 as a component of CNV 4.15 for RHEL 9container-native-virtualization/virt-cdi-importer-rhel9@sha256:f75d71f94736353d3e1c4d01ab20c7dfb94e7c11c42fd8396393b96d6e3f5fa9_amd64
Red Hatcontainer-native-virtualization/kubevirt-common-instancetypes-rhel9@sha256:d438ddcf84de78b0235e340bc08002e2afb56d8a7f4a0c89f71bbb6564b7982e_amd64 as a component of CNV 4.15 for RHEL 9container-native-virtualization/kubevirt-common-instancetypes-rhel9@sha256:d438ddcf84de78b0235e340bc08002e2afb56d8a7f4a0c89f71bbb6564b7982e_amd64
Red Hatcontainer-native-virtualization/virt-handler-rhel9@sha256:cd4804ff3dfb0b64981ca3bda3f160c61cdce5722c40283cfa248e039d23253b_arm64 as a component of CNV 4.15 for RHEL 9*
Red Hatcontainer-native-virtualization/virt-launcher-rhel9@sha256:0c0ed8df6ce1774cec46b0865fc43d6a0cd61c3ba1024379cd2041a5d1f54211_arm64 as a component of CNV 4.15 for RHEL 9container-native-virtualization/virt-launcher-rhel9@sha256:0c0ed8df6ce1774cec46b0865fc43d6a0cd61c3ba1024379cd2041a5d1f54211_arm64
Red Hatcontainer-native-virtualization/kubevirt-template-validator-rhel9@sha256:7221d0f9ec2bb8fe10d6fa7557358f6809870ceca6abffff76fbaa9ffb89bfa9_arm64 as a component of CNV 4.15 for RHEL 9container-native-virtualization/kubevirt-template-validator-rhel9@sha256:7221d0f9ec2bb8fe10d6fa7557358f6809870ceca6abffff76fbaa9ffb89bfa9_arm64
Red Hatcontainer-native-virtualization/kubevirt-apiserver-proxy-rhel9@sha256:68d4683b131e3d8d76af5c17e3a50e36c6ea9d1e9fe4fb32a519f830bcf98eaa_amd64 as a component of CNV 4.15 for RHEL 9container-native-virtualization/kubevirt-apiserver-proxy-rhel9@sha256:68d4683b131e3d8d76af5c17e3a50e36c6ea9d1e9fe4fb32a519f830bcf98eaa_amd64
Red Hatcontainer-native-virtualization/virt-cdi-controller-rhel9@sha256:a9f98265d1898998206ff81490d53dad15fe32368cb24d3d270f6bb6588269bf_arm64 as a component of CNV 4.15 for RHEL 9*
Red Hatcontainer-native-virtualization/kubesecondarydns-rhel9@sha256:c18f0a4a085ffbbd0737cada237bb1965242648fb938317cde86d26670785d97_amd64 as a component of CNV 4.15 for RHEL 9container-native-virtualization/kubesecondarydns-rhel9@sha256:c18f0a4a085ffbbd0737cada237bb1965242648fb938317cde86d26670785d97_amd64
Red Hatcontainer-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:7291554489004db05824fe6087480c86e7d2307dce8e4a66fe23bd6df4734406_amd64 as a component of CNV 4.15 for RHEL 9container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:7291554489004db05824fe6087480c86e7d2307dce8e4a66fe23bd6df4734406_amd64
Red Hatcontainer-native-virtualization/pr-helper-rhel9@sha256:c122c6bc64b926709fa42f9c37579b4cd412a4c032ddfab1e89edd5610ad6700_amd64 as a component of CNV 4.15 for RHEL 9*
Red Hatcontainer-native-virtualization/kubemacpool-rhel9@sha256:17727cf133d3fbf9865bf7f9ae1a09a40fd0d21114a38a046ecffeac26ec2e61_arm64 as a component of CNV 4.15 for RHEL 9*
Red Hatcontainer-native-virtualization/kubevirt-apiserver-proxy-rhel9@sha256:c8a7b80129aeb6ec0ce7a5adfb3541c898fc21995500fd5a8bd67cd2192b2578_arm64 as a component of CNV 4.15 for RHEL 9container-native-virtualization/kubevirt-apiserver-proxy-rhel9@sha256:c8a7b80129aeb6ec0ce7a5adfb3541c898fc21995500fd5a8bd67cd2192b2578_arm64
Red Hatcontainer-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:9bf95180f0cd4ebea96e0041df8d1fbfa9854029cfdd744360463bacd2ae444e_amd64 as a component of CNV 4.15 for RHEL 9container-native-virtualization/kubevirt-dpdk-checkup-rhel9@sha256:9bf95180f0cd4ebea96e0041df8d1fbfa9854029cfdd744360463bacd2ae444e_amd64
Red Hatcontainer-native-virtualization/libguestfs-tools-rhel9@sha256:de720a20dda05a48de4e72582b0914d3b5ee5cad5a637efdac38dbb0654b991d_amd64 as a component of CNV 4.15 for RHEL 9container-native-virtualization/libguestfs-tools-rhel9@sha256:de720a20dda05a48de4e72582b0914d3b5ee5cad5a637efdac38dbb0654b991d_amd64
Red Hatcontainer-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:66fa300a526204e9f4925b5a7d554bcce225935385625e040cee6fe75a44578d_amd64 as a component of CNV 4.15 for RHEL 9*
Red Hatcontainer-native-virtualization/multus-dynamic-networks-rhel9@sha256:8699359b01ca935c95c5e4c91e082243f3b0fd388b76041ad28ebb501c86cc9a_arm64 as a component of CNV 4.15 for RHEL 9container-native-virtualization/multus-dynamic-networks-rhel9@sha256:8699359b01ca935c95c5e4c91e082243f3b0fd388b76041ad28ebb501c86cc9a_arm64
Red Hatcontainer-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:abf9f568d866433b9c1a4f08b63ca6f11543171882694179b37b70feb75257de_amd64 as a component of CNV 4.15 for RHEL 9container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:abf9f568d866433b9c1a4f08b63ca6f11543171882694179b37b70feb75257de_amd64
Red Hatcontainer-native-virtualization/vm-console-proxy-rhel9@sha256:100e1d5216b5ca9343eb58e61cfc77c069bf0e137a3ec67da519c4ed6d272b5d_amd64 as a component of CNV 4.15 for RHEL 9container-native-virtualization/vm-console-proxy-rhel9@sha256:100e1d5216b5ca9343eb58e61cfc77c069bf0e137a3ec67da519c4ed6d272b5d_amd64
Red Hatcontainer-native-virtualization/ovs-cni-plugin-rhel9@sha256:9eb2dfb42ad50e6fe431a8518304712da3a35d21a0d2e609b281c6b45f3fbc76_amd64 as a component of CNV 4.15 for RHEL 9container-native-virtualization/ovs-cni-plugin-rhel9@sha256:9eb2dfb42ad50e6fe431a8518304712da3a35d21a0d2e609b281c6b45f3fbc76_amd64

…and 80 more

Timeline

  • May 23, 2024 CVE Published
  • Apr 25, 2026 CVE Updated
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›