VDB

RHSA-2025%3A1704

RHSA-2025%3A1704 PUBLISHED CVSS 8.100000381469727 HIGH

An argument injection vulnerability was found in go-git. This flaw allows an attacker to set arbitrary values to git-upload-pack flags, leading to command or code execution, exposure of sensitive data, or other unintended behavior. This is only possible in configurations where the file transport protocol is being used.

Risk Scores

CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Red Hatopenshift4/sriov-network-metrics-exporter-rhel9@sha256:e4858e291d7ad535f4aab83f314b0ab19d875c66fe87fb3538de7571542c4807_ppc64le as a component of Red Hat OpenShift Container Platform 4.16*
Red Hatopenshift4/ose-csi-driver-shared-resource-mustgather-rhel9@sha256:87c9ec8b5274b20529c0b0e5871039259a1e6cd1d407c23975defd524ebb59a7_s390x as a component of Red Hat OpenShift Container Platform 4.16openshift4/ose-csi-driver-shared-resource-mustgather-rhel9@sha256:87c9ec8b5274b20529c0b0e5871039259a1e6cd1d407c23975defd524ebb59a7_s390x
Red Hatopenshift4/kubernetes-nmstate-rhel9-operator@sha256:ec64a214adab3ab56bc4715eabc08cf126233581af89b6aae42efa6c6bd5a77c_ppc64le as a component of Red Hat OpenShift Container Platform 4.16openshift4/kubernetes-nmstate-rhel9-operator@sha256:ec64a214adab3ab56bc4715eabc08cf126233581af89b6aae42efa6c6bd5a77c_ppc64le
Red Hatopenshift4/ptp-must-gather-rhel9@sha256:3c14f7b2d873e71f87e811f97f4ab13699225f7c93044bbb05aafabfd416738b_amd64 as a component of Red Hat OpenShift Container Platform 4.16openshift4/ptp-must-gather-rhel9@sha256:3c14f7b2d873e71f87e811f97f4ab13699225f7c93044bbb05aafabfd416738b_amd64
Red Hatopenshift4/ose-operator-sdk-rhel9@sha256:eeb1d99595529613cb094b8314fe28cf61692c6b2c670a05f9d2bc2b0e7db7ee_arm64 as a component of Red Hat OpenShift Container Platform 4.16*
Red Hatopenshift4/sriov-network-metrics-exporter-rhel9@sha256:be270a7728e5521da321031734c186f415fa8e9d51d692e8cae7df3e0e2f6919_amd64 as a component of Red Hat OpenShift Container Platform 4.16openshift4/sriov-network-metrics-exporter-rhel9@sha256:be270a7728e5521da321031734c186f415fa8e9d51d692e8cae7df3e0e2f6919_amd64
Red Hatopenshift4/kubernetes-nmstate-rhel9-operator@sha256:4decb51af068d99b41641772ae0c7c8f68d6778208188349dda869380798904c_amd64 as a component of Red Hat OpenShift Container Platform 4.16openshift4/kubernetes-nmstate-rhel9-operator@sha256:4decb51af068d99b41641772ae0c7c8f68d6778208188349dda869380798904c_amd64
Red Hatopenshift4/ose-sriov-network-rhel9-operator@sha256:fec3d8df59d26d462be75e2fbc59888dfdb15fa6819bd39a6642d4356ad09d82_amd64 as a component of Red Hat OpenShift Container Platform 4.16openshift4/ose-sriov-network-rhel9-operator@sha256:fec3d8df59d26d462be75e2fbc59888dfdb15fa6819bd39a6642d4356ad09d82_amd64
Red Hatopenshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:2d6d320242a0f7ec5b8ee1451e3539122d54f6f7def159baa342c9dee169303f_amd64 as a component of Red Hat OpenShift Container Platform 4.16openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:2d6d320242a0f7ec5b8ee1451e3539122d54f6f7def159baa342c9dee169303f_amd64
Red Hatopenshift4/ose-sriov-network-rhel9-operator@sha256:4b3d4389aac7a0aa4fb350579f78bf1f8b07bc4c0fe846f9b1e27b0abed6aae2_arm64 as a component of Red Hat OpenShift Container Platform 4.16*
Red Hatopenshift4/nmstate-console-plugin-rhel9@sha256:c0e47eb928f6c654311d01b6d5da68adc37107121803285e09765bb06425b915_arm64 as a component of Red Hat OpenShift Container Platform 4.16openshift4/nmstate-console-plugin-rhel9@sha256:c0e47eb928f6c654311d01b6d5da68adc37107121803285e09765bb06425b915_arm64
Red Hatopenshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:c9d29ddc6decd6358c7935eb1fcf8a920db2e04bdc6ebe30d09b7db83519a69e_ppc64le as a component of Red Hat OpenShift Container Platform 4.16openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:c9d29ddc6decd6358c7935eb1fcf8a920db2e04bdc6ebe30d09b7db83519a69e_ppc64le
Red Hatopenshift4/ose-operator-sdk-rhel9@sha256:a37bc2569541975dc85b91b0426a2a157b3c1f390c76ea79b11a1437344b1c9e_ppc64le as a component of Red Hat OpenShift Container Platform 4.16openshift4/ose-operator-sdk-rhel9@sha256:a37bc2569541975dc85b91b0426a2a157b3c1f390c76ea79b11a1437344b1c9e_ppc64le
Red Hatopenshift4/ose-csi-driver-shared-resource-mustgather-rhel9@sha256:7662039b328d514fe1e03bd241f0a24d256f752e2a5f26dde75f29df4c10b686_arm64 as a component of Red Hat OpenShift Container Platform 4.16openshift4/ose-csi-driver-shared-resource-mustgather-rhel9@sha256:7662039b328d514fe1e03bd241f0a24d256f752e2a5f26dde75f29df4c10b686_arm64
Red Hatopenshift4/ose-helm-rhel9-operator@sha256:d469976c1a96d26c42baf02391bcac3994cac27955a10b4753b13e22b2ef4617_s390x as a component of Red Hat OpenShift Container Platform 4.16openshift4/ose-helm-rhel9-operator@sha256:d469976c1a96d26c42baf02391bcac3994cac27955a10b4753b13e22b2ef4617_s390x
Red Hatopenshift4/ose-sriov-network-metrics-exporter-rhel9@sha256:e4858e291d7ad535f4aab83f314b0ab19d875c66fe87fb3538de7571542c4807_ppc64le as a component of Red Hat OpenShift Container Platform 4.16openshift4/ose-sriov-network-metrics-exporter-rhel9@sha256:e4858e291d7ad535f4aab83f314b0ab19d875c66fe87fb3538de7571542c4807_ppc64le
Red Hatopenshift4/sriov-network-metrics-exporter-rhel9@sha256:69d8ba95cb2698724dc5be762e9403ce82662cd4f65d9ed824592e8b26ce44ae_arm64 as a component of Red Hat OpenShift Container Platform 4.16*
Red Hatopenshift4/ose-operator-sdk-rhel9@sha256:bc2469da8833eec1f137ae8203e17be1cded1ff746da08b78d76037c99979647_amd64 as a component of Red Hat OpenShift Container Platform 4.16openshift4/ose-operator-sdk-rhel9@sha256:bc2469da8833eec1f137ae8203e17be1cded1ff746da08b78d76037c99979647_amd64
Red Hatopenshift4/ose-csi-driver-shared-resource-mustgather-rhel9@sha256:4f2c25fd49437dbbe01c064343441b7a1940bf6e42b434f5cf72f573c75435fa_ppc64le as a component of Red Hat OpenShift Container Platform 4.16*
Red Hatopenshift4/nmstate-console-plugin-rhel9@sha256:0876977b02c66c9c436e1b709ef0890eb37ba6000cc66b359bc43a82f9c9326d_amd64 as a component of Red Hat OpenShift Container Platform 4.16openshift4/nmstate-console-plugin-rhel9@sha256:0876977b02c66c9c436e1b709ef0890eb37ba6000cc66b359bc43a82f9c9326d_amd64

…and 16 more

Timeline

  • Feb 27, 2025 CVE Published
  • Apr 29, 2026 CVE Updated
  • Apr 29, 2026 Distribution Patch
  • Apr 29, 2026 Distribution Patch
  • Apr 29, 2026 Security Advisory
  • Apr 29, 2026 Security Advisory
  • Apr 29, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›