Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.15.0
🔗 CVE IDs covered (7)
📋 Description
- CVE-2023-45288 — golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS
- CVE-2024-6104 — go-retryablehttp: url might write sensitive information to log file
- CVE-2024-24783 — golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm
- CVE-2024-28180 — jose-go: improper handling of highly compressed data
- CVE-2024-35255 — azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity
- CVE-2024-45337 — golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
- CVE-2024-45338 — golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html
🔗 References (10)
- self: https://access.redhat.com/errata/RHSA-2025:0536
- external: https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html
- external: https://access.redhat.com/security/cve/CVE-2024-35255
- external: https://access.redhat.com/security/cve/CVE-2023-45288
- external: https://access.redhat.com/security/cve/CVE-2024-24783
- external: https://access.redhat.com/security/cve/CVE-2024-28180
- external: https://access.redhat.com/security/cve/CVE-2024-6104
- external: https://access.redhat.com/security/cve/CVE-2024-45337
- external: https://access.redhat.com/security/cve/CVE-2024-45338
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_0536.json