VDB

RHSA-2024%3A3801

RHSA-2024%3A3801 PUBLISHED CVSS 6 MEDIUM

An update for ztp-site-generate-container, topology-aware-lifecycle-manager and bare-metal-event-relay is now available for Red Hat OpenShift Container Platform 4.12. This release includes a security update for CVE-2023-30841 topology-aware-lifecycle-manager-operator-container: baremetal-operator: plain-text username and hashed password readable by anyone having a cluster-wide read-access [openshift-4] that was previously fixed but not reported in an errata. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Risk Scores

CVSS 3.1
6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N

Affected Products

VendorProductVersions
Red Hat OpenShift Container Platform 4.12
openshift4/ztp
openshift4/topology

Timeline

  • Jun 11, 2024 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • May 7, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›