VDB
RHSA-2024%3A9485
RHSA-2024%3A9485
PUBLISHED
CVSS 5.300000190734863 MEDIUM
A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED | * |
| Red Hat | rhoso-operators/openstack-baremetal-agent-rhel9@sha256:f08212d197b81bbcd1e44ffb5e20d2b7327b3b438b103e37065783f9027c020c_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED | * |
| Red Hat | rhoso-operators/openstack-rhel9-operator@sha256:7d7de1bbcd1154bb6aa9c1d0e94c1413aad4714b3cbe8d6d2512bca238af3292_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED | * |
| Red Hat | rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED | rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64, *, rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64 |
| Red Hat | rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED | rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64, rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64, rhoso-operators/horizon-rhel9-operator@sha256:17246bbe4f31daffc1614ac6a3d5d90a552b2cdd68d757bd48be6c57d31f6c2e_amd64 |
| Red Hat | rhoso-operators/rabbitmq-cluster-rhel9-operator@sha256:e9f6e20f5e7a11cea3533cebc6834ce36d20007ad3fc866c373e410c66c8195d_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED | * |
| Red Hat | rhoso-operators/openstack-must-gather-rhel9@sha256:586ab3bab72c0dd76418c6e4fbf49577c289430212567aab495cd7231d52e4fc_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED | * |
| Red Hat | rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED | rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64, rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64, rhoso-operators/heat-rhel9-operator@sha256:ea965c08c2c7d31410ed80b8eb808933cc511783f8c69b0d1bd8a17ee9abf19d_amd64 |
| Red Hat | rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED | rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64, rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64, rhoso-operators/nova-rhel9-operator@sha256:641657e9340a21d5e82e81407b2b3719df6eed8cd8334171aaa338dde86d6d52_amd64 |
| Red Hat | rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED | rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64, rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64, rhoso-operators/swift-rhel9-operator@sha256:59483bd45a23f40462c37064ec6dc334b8366f6266aa959825d2a8ed7075ff40_amd64 |
| Red Hat | rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED | rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64, rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64, rhoso-operators/cinder-rhel9-operator@sha256:5b0a67c7eb1eeda740c1d7659eea8ab51a21427e1ba2ff1714860bc7f01a3ca6_amd64 |
| Red Hat | rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED | rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64, rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64, rhoso-operators/telemetry-rhel9-operator@sha256:66fefdca3acda5f33d8eefe32abd3a2c1e3665e5ae9456683dca604524001695_amd64 |
| Red Hat | rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED | rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64, rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64, rhoso-operators/ironic-rhel9-operator@sha256:030589a0e86a20a306c3e9118c3f29ee95d409fc88a1173f174c11556c6ca58c_amd64 |
| Red Hat | rhoso-operators/sg-core-rhel9@sha256:e40fac6ed64076c41c6056df02153011ea9ac575ca018aa1c9c3b8093426f6d4_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED | * |
| Red Hat | rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED | *, rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64, rhoso-operators/manila-rhel9-operator@sha256:15356683398fada9c162ccc37f150477f39a1c53f55033d07c712ad6aa317e36_amd64 |
| Red Hat | rhoso-operators/infra-rhel9-operator@sha256:5c873e80bc6a33ac0244e75ef93582e22f211125ed50fd06b4537cc8db15e37e_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED | * |
| Red Hat | rhoso-operators/keystone-rhel9-operator@sha256:6d2d87f44b7c0b3b5aff6bc2ad112d4bcd3e5f2a2a157f449842cc9340789392_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED | * |
| Red Hat | rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED | rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64, rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64, rhoso-operators/designate-rhel9-operator@sha256:a5646a3a3d6f7584538ecddeac5537e26ae6c0f60b36df7ebae1bd527cc982c7_amd64 |
| Red Hat | rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED | rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64, rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64, rhoso-operators/placement-rhel9-operator@sha256:44c1ef6eacfa049e4846dabd182648ccad01df7f5019ac7ea9d98bc8b0e2d95f_amd64 |
| Red Hat | rhoso-operators/glance-rhel9-operator@sha256:a1c8bcc3bc80b8787bed607276084c23bc7891ddb91eba6f145779a8fe481834_amd64 as a component of 9Base-RHOSO-1.0-PODIFIED | * |
…and 30 more
Timeline
- Nov 13, 2024 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2024:9485 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2268017 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2268018 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2268019 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2268021 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2268022 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2279814 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2310527 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2310528 issue
- https://issues.redhat.com/browse/OSPRH-10035 advisory
- https://issues.redhat.com/browse/OSPRH-10040 advisory
- https://issues.redhat.com/browse/OSPRH-10090 advisory
- https://issues.redhat.com/browse/OSPRH-10141 advisory
- https://issues.redhat.com/browse/OSPRH-10195 advisory
- https://issues.redhat.com/browse/OSPRH-10282 advisory
- https://issues.redhat.com/browse/OSPRH-10288 advisory
- https://issues.redhat.com/browse/OSPRH-10411 advisory
- https://issues.redhat.com/browse/OSPRH-105 advisory
- https://issues.redhat.com/browse/OSPRH-10612 advisory
…and 87 more