Back to bug 2045880

Who When What Removed Added
Pedro Sampaio 2022-01-25 20:36:42 UTC CC security-response-team
Pedro Sampaio 2022-01-25 20:38:34 UTC Blocks 2045882
Florencio Cano 2022-01-28 07:13:13 UTC CC crarobin, jmadigan, ngough, pamccart
Florencio Cano 2022-01-28 07:13:45 UTC CC jwong
Florencio Cano 2022-01-28 07:18:46 UTC CC rfreiman
Florencio Cano 2022-01-28 07:21:28 UTC Depends On 2047626, 2047628
Florencio Cano 2022-01-31 08:47:08 UTC CC fcanogab, jbuscemi
Borja Tarraso 2022-02-08 07:45:44 UTC Depends On 2051848
Guilherme de Almeida Suckevicz 2022-02-15 16:35:45 UTC Group security, qe_staff
CC aos-bugs
Summary EMBARGOED CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
Sage McTaggart 2022-02-18 19:35:00 UTC Depends On 2056104
Red Hat Bugzilla 2022-02-22 06:37:13 UTC CC jnakfour
Sage McTaggart 2022-03-18 18:15:17 UTC Doc Text A denial of service attack was found in prometheus/client_golang. An attacker can produce a denial of service attack on a server using Go, using InstrumentHandlerCounter in the version below 1.12, producing a loss of availability.
RaTasha Tillery-Smith 2022-03-21 13:26:53 UTC Doc Text A denial of service attack was found in prometheus/client_golang. An attacker can produce a denial of service attack on a server using Go, using InstrumentHandlerCounter in the version below 1.12, producing a loss of availability. A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on a server using Go, using the InstrumentHandlerCounter in the version below 1.12, resulting in a loss of availability.
Sage McTaggart 2022-03-21 21:59:37 UTC Depends On 2066491, 2066492
Pedro Sampaio 2022-03-23 13:56:50 UTC Fixed In Version prometheus/client_golang 1.11.1
Pedro Sampaio 2022-03-23 14:29:50 UTC CC abenaiss, abishop, acui, adam.kaplan, admiller, agarcial, agerstmayr, alazar, alitke, amackenz, amasferr, amuller, amurdaca, anpicker, aos-apiserver-staff, aos-install, aos-network-edge-staff, aos-odin-bot, aos-storage-staff, aos-team-ota, arane, bbaude, bbennett, bcoca, bgilbert, bkundu, blaise, bradley.g.smith, carangog, carl, chazlett, chousekn, cmeyers, cnv-qe-bugs, container-sig, dagray, davidn, dcavalca, debarshir, dholler, dperaza, drieden, dustymabe, dwalsh, dwest, dwhatley, dymurray, ebakerupw, eglynn, erooth, etamir, ewolinet, fdeutsch, fpokorny, gblomqui, go-sig, grafana-maint, hchiramm, hhorak, ibolton, jakubr, jcajka, jcammara, jcantril, jchaloup, jchui, jerzhang, jesusr, jhadvig, jhardy, jhrozek, jitsingh, jjoyce, jkurik, jligon, jmatthew, jmencak, jmittapa, jmontleo, jnovy, jobarker, joelsmith, jortel, jrivera, jwendell, jwon, krathod, ktokunaga.mail, kwalker, lball, lgamliel, lhh, lhinds, lmadsen, lmeyer, lsm5, mabashia, madam, maszulik, matzew, mburns, mfilanov, mfojtik, mgarciac, mgoodwin, mheon, mkudlej, mrogers, mrunge, mskalicky, mthoemme, mwringe, nalin, nathans, nbecker, ngompa13, nobody, notting, obulatov, ocs-bugs, osapryki, oskutka, ovanders, patrick, pbhattac, pdhamdhe, pegoncal, pehunt, phoracek, pknezevi, pkubat, ploffay, pthomas, relrod, rh.container.bot, rhos-maint, rhuss, rpetrell, rphillips, rrajasek, ryncsn, sanchezl, santiago, sayan.chowdhury2012, scorneli, sd-operator-metering, sdoran, sejug, sgott, shardy, slaznick, slucidi, smcdonal, spandura, spasquie, spower, sseago, stirabos, sttts, suprs, surbania, team-winc, tflannag, thrcka, tjochec, tkral, tkuratom, tnielsen, tsweeney, umohnani, whayutin, xiyuan, xxia, yselkowi, zebob.m
Pedro Sampaio 2022-03-23 17:09:11 UTC Comment 0 updated
Pedro Sampaio 2022-03-23 17:13:49 UTC Doc Text A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on a server using Go, using the InstrumentHandlerCounter in the version below 1.12, resulting in a loss of availability. A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on a HTTP server using the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.
Pedro Sampaio 2022-03-23 17:15:04 UTC Doc Text A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on a HTTP server using the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability. A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server using the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.
Anten Skrabec 2022-03-23 20:04:21 UTC Doc Text A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server using the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability. A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.
Anten Skrabec 2022-03-23 20:26:03 UTC Depends On 2067364, 2067378, 2067356, 2067375, 2067347, 2067372, 2067351, 2067366, 2067346, 2067379, 2067350, 2067365, 2067383, 2067376, 2067385, 2067362, 2067353, 2067380, 2067360, 2067381, 2067348, 2067367, 2067369, 2067371, 2067374, 2067349, 2067373, 2067359, 2067363, 2067370, 2067358, 2067361, 2067352, 2067368, 2067355, 2067377, 2067382, 2067386, 2067357, 2067354
Anten Skrabec 2022-03-23 20:35:42 UTC Depends On 2067410, 2067403, 2067413, 2067406, 2067404, 2067436, 2067445, 2067450, 2067401, 2067389, 2067424, 2067431, 2067416, 2067452, 2067433, 2067443, 2067415, 2067444, 2067453, 2067446, 2067439, 2067428, 2067402, 2067398, 2067451, 2067418, 2067449, 2067421, 2067425, 2067420, 2067440, 2067407, 2067397, 2067435, 2067437, 2067394, 2067390, 2067422, 2067426, 2067412, 2067393, 2067447, 2067432, 2067442, 2067441, 2067391, 2067405, 2067417, 2067454, 2067427, 2067409, 2067400, 2067411, 2067438, 2067419, 2067430, 2067434, 2067423, 2067414, 2067395, 2067448, 2067455, 2067399, 2067392, 2067429, 2067396
Anten Skrabec 2022-03-23 20:37:37 UTC Depends On 2067457
Anten Skrabec 2022-03-23 21:03:58 UTC Depends On 2067466, 2067477, 2067480, 2067479, 2067475, 2067469, 2067473, 2067472, 2067468, 2067474, 2067471, 2067467, 2067478, 2067476
Anten Skrabec 2022-03-23 21:09:47 UTC CC alitke, dholler, fdeutsch, phoracek, sgott, stirabos
Anten Skrabec 2022-03-23 21:12:07 UTC CC alitke, dholler, fdeutsch, phoracek, sgott, stirabos
Anten Skrabec 2022-03-23 21:25:46 UTC CC alazar, ewolinet, joelsmith, lgamliel, lhinds, mfilanov
Anten Skrabec 2022-03-23 21:36:16 UTC CC alazar, ewolinet, joelsmith, lgamliel, lhinds, mfilanov
Anten Skrabec 2022-03-23 23:40:41 UTC Depends On 2067706
Anten Skrabec 2022-03-24 03:59:40 UTC Depends On 2067761, 2067741, 2067734, 2067767, 2067737, 2067764, 2067762, 2067744, 2067769, 2067758, 2067733, 2067740, 2067763, 2067757, 2067738, 2067739, 2067731, 2067747, 2067750, 2067745, 2067754, 2067749, 2067760, 2067766, 2067765, 2067751, 2067736, 2067768, 2067743, 2067735, 2067746, 2067752, 2067759, 2067732, 2067748, 2067755, 2067742, 2067753, 2067756
Anten Skrabec 2022-03-24 04:09:35 UTC Depends On 2067776, 2067794, 2067807, 2067786, 2067788, 2067799, 2067806, 2067793, 2067779, 2067787, 2067804, 2067814, 2067789, 2067798, 2067781, 2067813, 2067783, 2067812, 2067780, 2067802, 2067797, 2067792, 2067808, 2067790, 2067805, 2067791, 2067801, 2067775, 2067796, 2067800, 2067803, 2067795, 2067777, 2067785, 2067782, 2067778, 2067809, 2067784, 2067811, 2067810
Anten Skrabec 2022-03-24 04:18:09 UTC Depends On 2067854, 2067846, 2067842, 2067856, 2067819, 2067845, 2067825, 2067833, 2067844, 2067831, 2067847, 2067839, 2067828, 2067827, 2067855, 2067823, 2067821, 2067834, 2067820, 2067824, 2067837, 2067817, 2067843, 2067848, 2067818, 2067829, 2067836, 2067840, 2067849, 2067832, 2067841, 2067822, 2067835, 2067826, 2067857, 2067830, 2067816, 2067850, 2067851, 2067852, 2067853, 2067838
Anten Skrabec 2022-03-24 04:32:46 UTC Depends On 2067877, 2067894, 2067889, 2067878, 2067888, 2067873, 2067884, 2067879, 2067890, 2067869, 2067880, 2067863, 2067860, 2067899, 2067867, 2067892, 2067871, 2067883, 2067859, 2067891, 2067882, 2067872, 2067893, 2067868, 2067896, 2067874, 2067864, 2067861, 2067887, 2067875, 2067865, 2067881, 2067886, 2067898, 2067876, 2067866, 2067870, 2067895, 2067862, 2067885
Anten Skrabec 2022-03-24 05:00:13 UTC Depends On 2067915, 2067914, 2067907, 2067908, 2067905, 2067904, 2067909, 2067916, 2067912, 2067902, 2067913, 2067906, 2067901, 2067911, 2067917, 2067903, 2067910
Yaakov Selkowitz 2022-03-24 05:06:09 UTC CC yselkowi
Anten Skrabec 2022-03-24 05:21:25 UTC Depends On 2067928, 2067930, 2067934, 2067923, 2067933, 2067944, 2067927, 2067922, 2067924, 2067926, 2067937, 2067921, 2067939, 2067941, 2067932, 2067935, 2067929, 2067919, 2067938, 2067936, 2067931, 2067942, 2067925, 2067943, 2067920, 2067940
Mauro Matteo Cascella 2022-03-24 14:45:03 UTC Depends On 2068158, 2068152, 2068164, 2068162, 2068165, 2068160, 2068155, 2068166, 2068163, 2068154, 2068156, 2068161, 2068157, 2068150, 2068167, 2068169, 2068168, 2068151, 2068153, 2068159
Mauro Matteo Cascella 2022-03-24 15:04:35 UTC Comment 0 updated
Przemyslaw Roguski 2022-03-24 17:47:33 UTC Depends On 2068230
Przemyslaw Roguski 2022-03-24 17:50:30 UTC Depends On 2068232
Przemyslaw Roguski 2022-03-24 17:55:10 UTC Depends On 2066491
Przemyslaw Roguski 2022-03-24 17:56:07 UTC Depends On 2066492
Pierre Prinetti 2022-04-04 07:12:54 UTC Depends On 2071538
Tomas Hoger 2022-04-06 11:58:49 UTC Depends On 2070587
Tomas Hoger 2022-04-06 11:58:55 UTC Depends On 2070589
Tomas Hoger 2022-04-06 11:59:02 UTC Depends On 2070590
Tomas Hoger 2022-04-06 11:59:07 UTC Depends On 2070592
Tomas Hoger 2022-04-06 11:59:12 UTC Depends On 2070593
Anten Skrabec 2022-04-07 19:48:27 UTC Depends On 2073167
errata-xmlrpc 2022-04-20 22:57:38 UTC Link ID Red Hat Product Errata RHSA-2022:1461
errata-xmlrpc 2022-04-21 13:15:54 UTC Link ID Red Hat Product Errata RHSA-2022:1356
Product Security DevOps Team 2022-04-21 16:09:55 UTC Resolution --- ERRATA
Status NEW CLOSED
Last Closed 2022-04-21 16:09:55 UTC
Jeff Fearn 🐞 2022-05-03 00:25:59 UTC CC aos-apiserver-staff
Brenton Leanhardt 2022-05-06 12:34:05 UTC CC aos-team-ota
Brenton Leanhardt 2022-05-06 12:34:46 UTC CC aos-team-ota
errata-xmlrpc 2022-05-10 13:18:07 UTC Link ID Red Hat Product Errata RHSA-2022:1762
errata-xmlrpc 2022-05-11 01:09:26 UTC Link ID Red Hat Product Errata RHBA-2022:2176
Thomas Jungblut 2022-05-11 11:09:13 UTC Depends On 2077498
errata-xmlrpc 2022-05-11 18:50:47 UTC Link ID Red Hat Product Errata RHSA-2022:2216
errata-xmlrpc 2022-05-11 19:52:22 UTC CC tflannag
Link ID Red Hat Product Errata RHSA-2022:2218
errata-xmlrpc 2022-05-11 20:33:44 UTC Link ID Red Hat Product Errata RHSA-2022:2217
Benjamin Gilbert 2022-05-13 18:03:55 UTC CC bgilbert
errata-xmlrpc 2022-05-18 15:55:20 UTC Link ID Red Hat Product Errata RHSA-2022:4667
errata-xmlrpc 2022-05-18 20:26:54 UTC Link ID Red Hat Product Errata RHSA-2022:4668
errata-xmlrpc 2022-05-31 05:42:15 UTC Link ID Red Hat Product Errata RHSA-2022:2280
errata-xmlrpc 2022-06-14 17:42:28 UTC Link ID Red Hat Product Errata RHSA-2022:5026
Tomas Hoger 2022-06-15 20:16:03 UTC Depends On 2070597
Tomas Hoger 2022-06-15 20:16:25 UTC Depends On 2070598
Tomas Hoger 2022-06-15 20:20:02 UTC Depends On 2070599
Christoph Stäbler 2022-07-18 07:50:25 UTC Depends On 2107983
Petr Horáček 2022-08-01 10:48:12 UTC CC phoracek
errata-xmlrpc 2022-08-10 10:08:34 UTC Link ID Red Hat Product Errata RHSA-2022:5068
errata-xmlrpc 2022-08-10 10:23:20 UTC Link ID Red Hat Product Errata RHSA-2022:5070
errata-xmlrpc 2022-08-10 10:34:19 UTC Link ID Red Hat Product Errata RHSA-2022:5069
errata-xmlrpc 2022-08-10 11:36:36 UTC Link ID Red Hat Product Errata RHSA-2022:6042
errata-xmlrpc 2022-08-10 13:14:54 UTC Link ID Red Hat Product Errata RHSA-2022:6040
errata-xmlrpc 2022-08-15 09:17:33 UTC Link ID Red Hat Product Errata RHSA-2022:6061
errata-xmlrpc 2022-08-15 09:46:14 UTC Link ID Red Hat Product Errata RHSA-2022:6066
errata-xmlrpc 2022-08-18 16:04:41 UTC Link ID Red Hat Product Errata RHSA-2022:6051
Sam Fowler 2022-08-18 23:18:38 UTC Depends On 2114962
Avinash Hanwate 2022-08-23 13:13:23 UTC CC tohughes
Depends On 2120648, 2120647
errata-xmlrpc 2022-08-24 13:46:18 UTC Link ID Red Hat Product Errata RHSA-2022:6156
errata-xmlrpc 2022-09-01 01:24:41 UTC Link ID Red Hat Product Errata RHSA-2022:6290
errata-xmlrpc 2022-09-13 02:09:58 UTC Link ID Red Hat Product Errata RHSA-2022:6430
Jan Kurik 2022-09-13 05:41:27 UTC CC jkurik
errata-xmlrpc 2022-09-14 19:27:26 UTC Link ID Red Hat Product Errata RHSA-2022:6526
errata-xmlrpc 2022-09-20 08:13:49 UTC Link ID Red Hat Product Errata RHSA-2022:6537
errata-xmlrpc 2022-10-31 10:58:51 UTC Link ID Red Hat Product Errata RHSA-2022:7261
Przemyslaw Roguski 2022-11-04 09:54:35 UTC Depends On 2067892
errata-xmlrpc 2022-11-08 09:25:32 UTC Link ID Red Hat Product Errata RHSA-2022:7519
errata-xmlrpc 2022-11-08 09:28:01 UTC Link ID Red Hat Product Errata RHSA-2022:7529
errata-xmlrpc 2022-11-15 10:05:54 UTC Link ID Red Hat Product Errata RHSA-2022:8057
errata-xmlrpc 2023-01-17 19:37:00 UTC Link ID Red Hat Product Errata RHSA-2022:7399
errata-xmlrpc 2023-01-30 05:48:23 UTC Link ID Red Hat Product Errata RHSA-2022:9096
errata-xmlrpc 2023-02-07 06:18:44 UTC Link ID Red Hat Product Errata RHSA-2023:0566
Yadnyawalk Tale 2023-02-09 10:41:50 UTC CC ytale
errata-xmlrpc 2023-02-15 05:11:24 UTC Link ID Red Hat Product Errata RHSA-2023:0652
errata-xmlrpc 2023-03-14 11:26:06 UTC Link ID Red Hat Product Errata RHSA-2023:1158
Yadnyawalk Tale 2023-03-17 06:53:07 UTC Depends On 2168547
Joel Smith 2023-03-24 15:05:35 UTC CC joelsmith
errata-xmlrpc 2023-05-02 01:53:14 UTC Link ID Red Hat Product Errata RHSA-2023:2014
errata-xmlrpc 2023-05-17 22:31:04 UTC Link ID Red Hat Product Errata RHSA-2023:1326
Chess Hazlett 2023-07-17 18:59:23 UTC CC ataylor, jross, rkieley

Back to bug 2045880