Threats Tagged 'cve-2024-35195'

Red Hat Ansible Automation Platform 2. 4 for RHEL 8 and 9 contains multiple security vulnerabilities including a denial of service caused by malicious JWE tokens (CVE-2024-28102), improper handling of keys with non-attribute characters in jinja2 (CVE-2024-34064), and certificate verification bypass in subsequent requests (CVE-2024-35195). Red Hat has released updates addressing these issues in automation-controller version 4. 5. 8 and related components. The update is rated as having moderate security impact. No known exploits in the wild have been reported. The vulnerabilities affect the automation-controller component of the platform, which is used to manage IT automation at scale.

Red Hat Satellite 6. 16. 3 includes security fixes addressing multiple vulnerabilities: a sandbox breakout in python-jinja2 (CVE-2024-56326) and a potential denial-of-service vulnerability in python-django's IPv6 validation (CVE-2024-56374). These issues could impact system management operations performed by Red Hat Satellite, a solution for provisioning and configuration management. Users are advised to upgrade to the updated packages provided by Red Hat to remediate these vulnerabilities. The update is rated as having a moderate security impact. No known exploits are reported in the wild at this time.

A moderate severity vulnerability (CVE-2024-35195) affects the python-requests library in Red Hat Enterprise Linux 9. The issue causes subsequent HTTP requests to the same host to ignore certificate verification, potentially undermining TLS security. Red Hat has issued a security update to address this flaw in python-requests. The advisory covers multiple Red Hat Enterprise Linux 9 variants and architectures. No known exploits in the wild have been reported. Users should apply the provided update to remediate the vulnerability.

Red Hat Developer Hub (RHDH) 1. 2 is an enterprise-grade developer portal based on Backstage. io, supporting major Kubernetes clusters. The advisory references multiple CVEs including CVE-2024-6345 affecting RHDH 1. 2 on RHEL 9. The vendor advisory is a product enhancement announcement without explicit mention of security fixes or patches for these CVEs. No known exploits are reported in the wild. The advisory does not confirm the availability of patches or mitigations for these vulnerabilities.

Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments. Security Fix(es): * python-gunicorn: HTTP Request Smuggling due to improper validation of Transfer-Encoding headers (CVE-2024-1135) * golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (CVE-2024-24790) * python-cryptography: NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override (CVE-2024-26130) * python-django: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget (CVE-2024-41991) Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.