Bug 1885311 (CVE-2020-25623)
Summary: | CVE-2020-25623 Erlang/OTP: allows attackers to read arbitrary files via a crafted HTTP request | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | | |
Version: | unspecified | CC: | apevec, cmeyers, dbecker, gblomqui, gmainwar, jeckersb, jjoyce, jschluet, lemenkov, lhh, lpeer, mabashia, mburns, notting, plemenko, rhbugs, rjones, rpetrell, sclewis, slinaber, smcdonal, s |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | erlang 22.3.4.6, erlang 23.1 | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2020-10-06 02:21:20 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | | | |
Bug Blocks: | 1884726 | | |
Description
Guilherme de Almeida Suckevicz
2020-10-05 15:07:11 UTC
Marking Red Hat OpenStack Platform notaffected as all versions we ship (18.3.4.11, 20.3.8.24, 21.3.8.13) are below the version in which this vulnerability is introduced (22.3.1 & 23.0).

External References: https://erlang.org/download/OTP-23.1.README

Ansible Tower 3.6 and earlier use Erlang 20.3.8.x and are therefore not affected by this bug. (Ansible Tower 3.7 and later do not use Erlang at all.)

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-25623