Bug 2215854

Summary: RedHat analysis on the vulnerabilities - CVE-2023-29403 CVE-2023-29404 CVE-2023-29405 CVE-2023-29402
Product: Red Hat Enterprise Linux 8
Reporter: Gandhimathy <gandhi.srini>
Component: golang
Assignee: David Benoit <dbenoit>
Status: CLOSED COMPLETED
QA Contact: qe-baseos-tools-bugs
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 8.8
CC: asm, emachado, sipoyare, tstellar
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Last Closed: 2023-07-10 13:27:29 UTC
Type: Bug

Description Gandhimathy 2023-06-19 08:12:25 UTC
Description of problem:

Looking for Red Hat analysis for the following Golang vulnerability.
We are using Red Hat 8.8 UBI-

As the CVSS score for the following is 7.8, which is High.
CVE-2023-29403 - https://exchange.xforce.ibmcloud.com/vulnerabilities/257653

As the CVSS score for the following is 9.8, which is Critical.
CVE-2023-29404 - https://exchange.xforce.ibmcloud.com/vulnerabilities/257654
CVE-2023-29405 - https://exchange.xforce.ibmcloud.com/vulnerabilities/257655
CVE-2023-29402 - https://exchange.xforce.ibmcloud.com/vulnerabilities/257652

Comment 1 David Benoit 2023-07-10 13:27:29 UTC
Information regarding these CVEs should be available at access.redhat.com, reachable via hyperlinks in the title of this bug to the CVEs referenced.  Thanks!