RHSA-2024%3A3801
An update for ztp-site-generate-container, topology-aware-lifecycle-manager and bare-metal-event-relay is now available for Red Hat OpenShift Container Platform 4.12. This release includes a security update for CVE-2023-30841 topology-aware-lifecycle-manager-operator-container: baremetal-operator: plain-text username and hashed password readable by anyone having a cluster-wide read-access [openshift-4] that was previously fixed but not reported in an errata. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat OpenShift Container Platform 4.12 | ||
| openshift4/ztp | ||
| openshift4/topology |
Timeline
- Jun 11, 2024 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 7, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2024:3801 advisory
- https://access.redhat.com/security/updates/classification/#moderate url
- https://issues.redhat.com/browse/OCPBUGS-11986 url
- https://issues.redhat.com/browse/OCPBUGS-17388 url
- https://issues.redhat.com/browse/OCPBUGS-20001 url
- https://issues.redhat.com/browse/OCPBUGS-20425 url
- https://issues.redhat.com/browse/OCPBUGS-25226 url
- https://issues.redhat.com/browse/OCPBUGS-33779 url
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3801.json advisory