{ "document" : { "aggregate_severity" : { "text" : "hoch" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Kiali für Red Hat OpenShift Service Mesh ausnutzen, um erweiterte Privilegien zu erlangen, Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren oder offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.", "title" : "Angriff" }, { "category" : "general", "text" : "- Linux\n- Sonstiges\n- UNIX", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2026-1513 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1513.json" }, { "category" : "self", "summary" : "WID-SEC-2026-1513 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1513" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:16532 vom 2026-05-12", "url" : "https://access.redhat.com/errata/RHSA-2026:16532" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:16534 vom 2026-05-12", "url" : "https://access.redhat.com/errata/RHSA-2026:16534" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:16535 vom 2026-05-12", "url" : "https://access.redhat.com/errata/RHSA-2026:16535" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:16542 vom 2026-05-12", "url" : "https://access.redhat.com/errata/RHSA-2026:16542" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:16874 vom 2026-05-13", "url" : "https://access.redhat.com/errata/RHSA-2026:16874" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:17287 vom 2026-05-13", "url" : "https://access.redhat.com/errata/RHSA-2026:17287" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:17084 vom 2026-05-13", "url" : "https://access.redhat.com/errata/RHSA-2026:17084" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:17474 vom 2026-05-19", "url" : "https://access.redhat.com/errata/RHSA-2026:17474" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:19109 vom 2026-05-19", "url" : "https://access.redhat.com/errata/RHSA-2026:19109" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:19375 vom 2026-05-20", "url" : "https://access.redhat.com/errata/RHSA-2026:19375" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:19712 vom 2026-05-21", "url" : "https://access.redhat.com/errata/RHSA-2026:19712" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:20338 vom 2026-05-22", "url" : "https://access.redhat.com/errata/RHSA-2026:20338" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:20607 vom 2026-05-26", "url" : "https://access.redhat.com/errata/RHSA-2026:20607" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:20608 vom 2026-05-26", "url" : "https://access.redhat.com/errata/RHSA-2026:20608" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:20609 vom 2026-05-26", "url" : "https://access.redhat.com/errata/RHSA-2026:20609" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:20454 vom 2026-05-25", "url" : "https://access.redhat.com/errata/RHSA-2026:20454" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:20571 vom 2026-05-26", "url" : "https://access.redhat.com/errata/RHSA-2026:20571" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:21017 vom 2026-05-26", "url" : "https://access.redhat.com/errata/RHSA-2026:21017" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:20938 vom 2026-05-26", "url" : "https://access.redhat.com/errata/RHSA-2026:20938" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:20889 vom 2026-05-26", "url" : "https://access.redhat.com/errata/RHSA-2026:20889" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:21772 vom 2026-05-29", "url" : "https://access.redhat.com/errata/RHSA-2026:21772" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:22465 vom 2026-06-02", "url" : "https://access.redhat.com/errata/RHSA-2026:22465" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:22629 vom 2026-06-02", "url" : "https://access.redhat.com/errata/RHSA-2026:22629" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:22619 vom 2026-06-02", "url" : "https://access.redhat.com/errata/RHSA-2026:22619" } ], "source_lang" : "en-US", "title" : "Kiali für Red Hat OpenShift Service Mesh (Axios, Go, Follow-redirects): Mehrere Schwachstellen", "tracking" : { "current_release_date" : "2026-06-02T22:00:00.000+00:00", "generator" : { "date" : "2026-06-03T06:02:38.633+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.6.0" } }, "id" : "WID-SEC-W-2026-1513", "initial_release_date" : "2026-05-12T22:00:00.000+00:00", "revision_history" : [ { "date" : "2026-05-12T22:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" }, { "date" : "2026-05-14T22:00:00.000+00:00", "number" : "2", "summary" : "Neue Updates von Red Hat aufgenommen" }, { "date" : "2026-05-19T22:00:00.000+00:00", "number" : "3", "summary" : "Neue Updates von Red Hat aufgenommen" }, { "date" : "2026-05-20T22:00:00.000+00:00", "number" : "4", "summary" : "Neue Updates von Red Hat aufgenommen" }, { "date" : "2026-05-21T22:00:00.000+00:00", "number" : "5", "summary" : "Neue Updates von Red Hat aufgenommen" }, { "date" : "2026-05-25T22:00:00.000+00:00", "number" : "6", "summary" : "Neue Updates von Red Hat aufgenommen" }, { "date" : "2026-05-26T22:00:00.000+00:00", "number" : "7", "summary" : "Neue Updates von Red Hat aufgenommen" }, { "date" : "2026-05-28T22:00:00.000+00:00", "number" : "8", "summary" : "Neue Updates von Red Hat aufgenommen" }, { "date" : "2026-06-02T22:00:00.000+00:00", "number" : "9", "summary" : "Neue Updates von Red Hat aufgenommen" } ], "status" : "final", "version" : "9" } }, "product_tree" : { "branches" : [ { "branches" : [ { "branches" : [ { "category" : "product_name", "name" : "Red Hat Enterprise Linux", "product" : { "name" : "Red Hat Enterprise Linux", "product_id" : "67646", "product_identification_helper" : { "cpe" : "cpe:/o:redhat:enterprise_linux:-" } } }, { "category" : "product_version", "name" : "Advanced Cluster Security", "product" : { "name" : "Red Hat Enterprise Linux Advanced Cluster Security", "product_id" : "T049494", "product_identification_helper" : { "cpe" : "cpe:/o:redhat:enterprise_linux:advanced_cluster_security" } } }, { "category" : "product_version", "name" : "10.0 Extended Update Support", "product" : { "name" : "Red Hat Enterprise Linux 10.0 Extended Update Support", "product_id" : "T054025", "product_identification_helper" : { "cpe" : "cpe:/o:redhat:enterprise_linux:10.0_extended_update_support" } } }, { "category" : "product_version", "name" : "9.6 Extended Update Support", "product" : { "name" : "Red Hat Enterprise Linux 9.6 Extended Update Support", "product_id" : "T054028", "product_identification_helper" : { "cpe" : "cpe:/o:redhat:enterprise_linux:9.6_extended_update_support" } } }, { "category" : "product_version", "name" : "9.6", "product" : { "name" : "Red Hat Enterprise Linux 9.6", "product_id" : "T054657", "product_identification_helper" : { "cpe" : "cpe:/o:redhat:enterprise_linux:9.6" } } }, { "category" : "product_version", "name" : "10", "product" : { "name" : "Red Hat Enterprise Linux 10.0", "product_id" : "T054693", "product_identification_helper" : { "cpe" : "cpe:/o:redhat:enterprise_linux:10.0" } } }, { "category" : "product_version", "name" : "Quay", "product" : { "name" : "Red Hat Enterprise Linux Quay", "product_id" : "T054709", "product_identification_helper" : { "cpe" : "cpe:/o:redhat:enterprise_linux:quay" } } } ], "category" : "product_name", "name" : "Enterprise Linux" }, { "branches" : [ { "category" : "product_version", "name" : "Kiali 2.4.16 Service Mesh 3.0", "product" : { "name" : "Red Hat OpenShift Kiali 2.4.16 Service Mesh 3.0", "product_id" : "T053978", "product_identification_helper" : { "cpe" : "cpe:/a:redhat:openshift:kiali_2.4.16_service_mesh_3.0" } } }, { "category" : "product_version", "name" : "Kiali 2.17.7 Service Mesh 3.2", "product" : { "name" : "Red Hat OpenShift Kiali 2.17.7 Service Mesh 3.2", "product_id" : "T053979", "product_identification_helper" : { "cpe" : "cpe:/a:redhat:openshift:kiali_2.17.7_service_mesh_3.2" } } }, { "category" : "product_version", "name" : "Kiali 2.22.3 Service Mesh 3.3", "product" : { "name" : "Red Hat OpenShift Kiali 2.22.3 Service Mesh 3.3", "product_id" : "T053980", "product_identification_helper" : { "cpe" : "cpe:/a:redhat:openshift:kiali_2.22.3_service_mesh_3.3" } } }, { "category" : "product_version", "name" : "Kiali 2.11.10 Service Mesh 3.1", "product" : { "name" : "Red Hat OpenShift Kiali 2.11.10 Service Mesh 3.1", "product_id" : "T053981", "product_identification_helper" : { "cpe" : "cpe:/a:redhat:openshift:kiali_2.11.10_service_mesh_3.1" } } }, { "category" : "product_version", "name" : "Network Observability 1.11.2", "product" : { "name" : "Red Hat OpenShift Network Observability 1.11.2", "product_id" : "T054021", "product_identification_helper" : { "cpe" : "cpe:/a:redhat:openshift:network_observability_1.11.2" } } }, { "category" : "product_version", "name" : "Service Mesh 2.6", "product" : { "name" : "Red Hat OpenShift Service Mesh 2.6", "product_id" : "T054544", "product_identification_helper" : { "cpe" : "cpe:/a:redhat:openshift:service_mesh_2.6" } } }, { "category" : "product_version_range", "name" : "Dev Spaces <3.28.0", "product" : { "name" : "Red Hat OpenShift Dev Spaces <3.28.0", "product_id" : "T054838" } }, { "category" : "product_version", "name" : "Dev Spaces 3.28.0", "product" : { "name" : "Red Hat OpenShift Dev Spaces 3.28.0", "product_id" : "T054838-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:redhat:openshift:dev_spaces__3.28.0" } } } ], "category" : "product_name", "name" : "OpenShift" } ], "category" : "vendor", "name" : "Red Hat" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2026-42033", "product_status" : { "known_affected" : [ "T053980", "T054693", "T054021", "67646", "T049494", "T054657", "T054028", "T054544", "T053981", "T054025", "T054709", "T054838", "T053978", "T053979" ] }, "release_date" : "2026-05-12T22:00:00.000+00:00", "title" : "CVE-2026-42033" }, { "cve" : "CVE-2026-42035", "product_status" : { "known_affected" : [ "T053980", "T054693", "T054021", "67646", "T049494", "T054657", "T054028", "T054544", "T053981", "T054025", "T054709", "T054838", "T053978", "T053979" ] }, "release_date" : "2026-05-12T22:00:00.000+00:00", "title" : "CVE-2026-42035" }, { "cve" : "CVE-2026-42039", "product_status" : { "known_affected" : [ "T053980", "T054693", "T054021", "67646", "T049494", "T054657", "T054028", "T054544", "T053981", "T054025", "T054709", "T054838", "T053978", "T053979" ] }, "release_date" : "2026-05-12T22:00:00.000+00:00", "title" : "CVE-2026-42039" }, { "cve" : "CVE-2026-42041", "product_status" : { "known_affected" : [ "T053980", "T054693", "T054021", "67646", "T049494", "T054657", "T054028", "T054544", "T053981", "T054025", "T054709", "T054838", "T053978", "T053979" ] }, "release_date" : "2026-05-12T22:00:00.000+00:00", "title" : "CVE-2026-42041" }, { "cve" : "CVE-2026-42043", "product_status" : { "known_affected" : [ "T053980", "T054693", "T054021", "67646", "T049494", "T054657", "T054028", "T054544", "T053981", "T054025", "T054709", "T054838", "T053978", "T053979" ] }, "release_date" : "2026-05-12T22:00:00.000+00:00", "title" : "CVE-2026-42043" }, { "cve" : "CVE-2026-42044", "product_status" : { "known_affected" : [ "T053980", "T054693", "T054021", "67646", "T049494", "T054657", "T054028", "T054544", "T053981", "T054025", "T054709", "T054838", "T053978", "T053979" ] }, "release_date" : "2026-05-12T22:00:00.000+00:00", "title" : "CVE-2026-42044" }, { "cve" : "CVE-2026-32280", "product_status" : { "known_affected" : [ "T053980", "T054693", "T054021", "67646", "T049494", "T054657", "T054028", "T054544", "T053981", "T054025", "T054709", "T054838", "T053978", "T053979" ] }, "release_date" : "2026-05-12T22:00:00.000+00:00", "title" : "CVE-2026-32280" }, { "cve" : "CVE-2026-40895", "product_status" : { "known_affected" : [ "T053980", "T054693", "T054021", "67646", "T049494", "T054657", "T054028", "T054544", "T053981", "T054025", "T054709", "T054838", "T053978", "T053979" ] }, "release_date" : "2026-05-12T22:00:00.000+00:00", "title" : "CVE-2026-40895" } ] }