[DFBUGS-922] CVE-2024-45296 odf-console-container: Backtracking regular expressions cause ReDoS [openshift-data-foundation-4.15.z]

Type: Bug
Resolution: Done-Errata
Priority: Undefined
Fix Version/s: odf-4.15.9
Affects Version/s: odf-4.15.z
Component/s: management-console
Labels:
None

Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Dev Approval:
Committed
Docs Approval:
?
PM Approval:
?
Prod build version:
4.15.9-1
QE Approval:
Committed
Target Release:

odf-4.15.9
Intelligence Requested:
Market:

Target Version:

odf-4.15.9

Regression:
None

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

Verification: check in the container image build logs that the fixed
version for "path-to-regexp" are downloaded/used:
│ └─┬ react-router@5.3.4
│ └── path-to-regexp@1.9.0 <=== fixed version

is cloned by

DFBUGS-923 CVE-2024-45296 odf-console-container: Backtracking regular expressions cause ReDoS [openshift-data-foundation-4.14.z]

Closed

links to

red-hat-storage/odf-console#1708: DFBUGS-922: [release-4.15] Fix security issue: Backtracking regular expressions

red-hat-storage/odf-console#1709: DFBUGS-922: [release-4.15-compatibility] Fix security issue: Backtracking regular expressions

red-hat-storage/odf-console#1777: Bug DFBUGS-922: [release-4.15] Reverting back CVE fix for DFBUGS-922 and DFBUGS-934

red-hat-storage/odf-console#1778: Bug DFBUGS-922: [release-4.15-compatibility] Reverting back CVE fix for DFBUGS-922 and DFBUGS-934

red-hat-storage/odf-console#1798: DFBUGS-922: [release-4.15] Revert: Reverting CVE fix for DFBUGS-922 and DFBUGS-934

red-hat-storage/odf-console#1799: DFBUGS-922: [release-4.15-compatibility] Revert: Reverting fix for DFBUGS-922 …

RHBA-2024:144276 Red Hat OpenShift Data Foundation 4.15.9 Bug Fix Update

(3 links to)

Alfonso Martínez Hidalgo created issue - 2024/11/25 9:08 AM

Data Foundation bot made changes - 2024/11/25 9:08 AM

Fix Version/s

New: odf-4.18 [ 12430921 ]

Alfonso Martínez Hidalgo made changes - 2024/11/25 9:09 AM

Assignee

Original: Anjana Sriram [ asriram@redhat.com ]

New: Alfonso Martínez Hidalgo [ almartin-storage-ocs ]

OpenShift Prow Bot made changes - 2024/11/25 9:10 AM

Status

Original: New [ 10016 ]

New: POST [ 15726 ]

OpenShift Prow Bot made changes - 2024/11/25 9:10 AM

Remote Link

New: This issue links to "red-hat-storage/odf-console#1708: ~~DFBUGS-922~~: [release-4.15] Fix security issue: Backtracking regular expressions (Web Link)" [ 1861030 ]

DPTP Bot made changes - 2024/11/25 9:22 AM

Remote Link

New: This issue links to "red-hat-storage/odf-console#1709: ~~DFBUGS-922~~: [release-4.15-compatibility] Fix security issue: Backtracking regular expressions (Web Link)" [ 1860894 ]

Alfonso Martínez Hidalgo made changes - 2024/11/25 9:22 AM

Dev Approval

Original: ? [ 17170 ]

New: Committed [ 15271 ]

Alfonso Martínez Hidalgo made changes - 2024/11/25 9:24 AM

Target Release

Original: odf-4.18 [ 12430921 ]

New: odf-4.15.8 [ 12435464 ]

Alfonso Martínez Hidalgo made changes - 2024/11/25 9:24 AM

Fix Version/s		New: odf-4.15.z [ 12435505 ]
Fix Version/s	Original: odf-4.18 [ 12430921 ]

Data Foundation bot made changes - 2024/11/25 9:24 AM

Dev Approval

Original: Committed [ 15271 ]

New: ? [ 17170 ]

Alfonso Martínez Hidalgo made changes - 2024/11/25 9:26 AM

Component/s		New: management-console [ 12402188 ]
Affects Version/s		New: odf-4.15.z [ 12435505 ]

Data Foundation bot made changes - 2024/11/25 9:26 AM

Assignee

Original: Alfonso Martínez Hidalgo [ almartin-storage-ocs ]

New: Nishanth Thomas [ rhn-engineering-nthomas ]

Alfonso Martínez Hidalgo made changes - 2024/11/25 9:30 AM

Assignee

Original: Nishanth Thomas [ rhn-engineering-nthomas ]

New: Alfonso Martínez Hidalgo [ almartin-storage-ocs ]

Alfonso Martínez Hidalgo made changes - 2024/11/25 9:30 AM

Link

New: This issue is cloned by ~~DFBUGS-923~~ [ ~~DFBUGS-923~~ ]

Alfonso Martínez Hidalgo made changes - 2024/11/25 11:32 AM

Target Release

Original: odf-4.15.8 [ 12435464 ]

Alfonso Martínez Hidalgo made changes - 2024/11/25 11:32 AM

Dev Approval

Original: ? [ 17170 ]

New: Committed [ 15271 ]

Eran Tamir made changes - 2024/11/25 2:15 PM

Target Release

New: odf-4.15.z [ 12435505 ]

Eran Tamir made changes - 2024/11/25 2:31 PM

Fix Version/s

Original: odf-4.15.z [ 12435505 ]

Nishanth Thomas made changes - 2024/12/12 12:20 PM

Target Release

Original: odf-4.15.z [ 12435505 ]

New: odf-4.15.9 [ 12435530 ]

Data Foundation bot made changes - 2024/12/12 12:20 PM

Dev Approval

Original: Committed [ 15271 ]

New: ? [ 17170 ]

Krishnaram Karthick Ramdoss made changes - 2024/12/12 12:35 PM

QE Approval

Original: ? [ 17171 ]

New: Committed [ 15292 ]

Gowtham Shanmugasundaram made changes - 2024/12/12 12:38 PM

Dev Approval

Original: ? [ 17170 ]

New: Committed [ 15271 ]

Data Foundation bot made changes - 2024/12/12 12:38 PM

Fix Version/s		New: odf-4.15.9 [ 12435530 ]
Target Version		New: odf-4.15.9 [ 12435530 ]

Data Foundation bot made changes - 2024/12/12 12:38 PM

Need Info From

New: Alfonso Martínez Hidalgo [ almartin ]

Alfonso Martínez Hidalgo made changes - 2024/12/12 1:19 PM

Need Info From

Original: Alfonso Martínez Hidalgo [ almartin ]

OpenShift Prow Bot made changes - 2024/12/13 12:16 PM

Status

Original: POST [ 15726 ]

New: MODIFIED [ 14454 ]

Sanjal Katiyar made changes - 2024/12/16 8:06 AM

Status

Original: MODIFIED [ 14454 ]

New: POST [ 15726 ]

OpenShift Prow Bot made changes - 2024/12/16 9:51 AM

Status

Original: POST [ 15726 ]

New: MODIFIED [ 14454 ]

DPTP Bot made changes - 2024/12/16 5:15 PM

Remote Link

New: This issue links to "red-hat-storage/odf-console#1777: [release-4.15] Reverting back CVE fix for ~~DFBUGS-922~~ and DFBUGS-934 (Web Link)" [ 1884804 ]

DPTP Bot made changes - 2024/12/16 5:20 PM

Remote Link

New: This issue links to "red-hat-storage/odf-console#1778: [release-4.15] Reverting back CVE fix for ~~DFBUGS-922~~ and DFBUGS-934 (Web Link)" [ 1884805 ]

DPTP Bot made changes - 2024/12/17 8:16 AM

Remote Link

Original: This issue links to "red-hat-storage/odf-console#1778: [release-4.15] Reverting back CVE fix for ~~DFBUGS-922~~ and DFBUGS-934 (Web Link)" [ 1884805 ]

New: This issue links to "red-hat-storage/odf-console#1778: [release-4.15-compatibility] Reverting back CVE fix for ~~DFBUGS-922~~ and DFBUGS-934 (Web Link)" [ 1884805 ]

Gowtham Shanmugasundaram made changes - 2024/12/17 11:10 AM

Status

Original: MODIFIED [ 14454 ]

New: POST [ 15726 ]

DPTP Bot made changes - 2024/12/17 11:11 AM

Remote Link

Original: This issue links to "red-hat-storage/odf-console#1777: [release-4.15] Reverting back CVE fix for ~~DFBUGS-922~~ and DFBUGS-934 (Web Link)" [ 1884804 ]

New: This issue links to "red-hat-storage/odf-console#1777: Bug ~~DFBUGS-922~~: [release-4.15] Reverting back CVE fix for ~~DFBUGS-922~~ and DFBUGS-934 (Web Link)" [ 1884804 ]

DPTP Bot made changes - 2024/12/17 11:11 AM

Remote Link

Original: This issue links to "red-hat-storage/odf-console#1778: [release-4.15-compatibility] Reverting back CVE fix for ~~DFBUGS-922~~ and DFBUGS-934 (Web Link)" [ 1884805 ]

New: This issue links to "red-hat-storage/odf-console#1778: Bug ~~DFBUGS-922~~: [release-4.15] Reverting back CVE fix for ~~DFBUGS-922~~ and DFBUGS-934 (Web Link)" [ 1884805 ]

DPTP Bot made changes - 2024/12/17 11:12 AM

Remote Link

Original: This issue links to "red-hat-storage/odf-console#1778: Bug ~~DFBUGS-922~~: [release-4.15] Reverting back CVE fix for ~~DFBUGS-922~~ and DFBUGS-934 (Web Link)" [ 1884805 ]

New: This issue links to "red-hat-storage/odf-console#1778: Bug ~~DFBUGS-922~~: [release-4.15-compatibility] Reverting back CVE fix for ~~DFBUGS-922~~ and DFBUGS-934 (Web Link)" [ 1884805 ]

OpenShift Prow Bot made changes - 2024/12/18 1:36 PM

Status

Original: POST [ 15726 ]

New: MODIFIED [ 14454 ]

DPTP Bot made changes - 2024/12/18 3:56 PM

Remote Link

New: This issue links to "red-hat-storage/odf-console#1798: ~~DFBUGS-922~~: [release-4.15] Revert: Reverting CVE fix for ~~DFBUGS-922~~ and DFBUGS-934 (Web Link)" [ 1888615 ]

Alfonso Martínez Hidalgo made changes - 2024/12/18 3:56 PM

Status

Original: MODIFIED [ 14454 ]

New: POST [ 15726 ]

DPTP Bot made changes - 2024/12/18 4:03 PM

Remote Link

New: This issue links to "red-hat-storage/odf-console#1799: ~~DFBUGS-922~~: [release-4.15-compatibility] Revert: Reverting fix for ~~DFBUGS-922~~ … (Web Link)" [ 1888664 ]

OpenShift Prow Bot made changes - 2024/12/18 5:34 PM

Status

Original: POST [ 15726 ]

New: MODIFIED [ 14454 ]

Gowtham Shanmugasundaram made changes - 2024/12/19 10:30 AM

Link

New: This issue is depended on by DFBUGS-69 [ DFBUGS-69 ]

Gowtham Shanmugasundaram made changes - 2024/12/19 10:31 AM

Link

New: This issue is depended on by DFBUGS-259 [ DFBUGS-259 ]

Gowtham Shanmugasundaram made changes - 2024/12/19 10:32 AM

Link

New: This issue is depended on by DFBUGS-212 [ DFBUGS-212 ]

Gowtham Shanmugasundaram made changes - 2024/12/19 10:33 AM

Link

New: This issue is depended on by DFBUGS-677 [ DFBUGS-677 ]

Gowtham Shanmugasundaram made changes - 2024/12/19 10:35 AM

Link

New: This issue is depended on by DFBUGS-255 [ DFBUGS-255 ]

Boris Ranto made changes - 2024/12/23 2:59 PM

Status

Original: MODIFIED [ 14454 ]

New: ON_QA [ 15723 ]

Boris Ranto made changes - 2024/12/23 2:59 PM

Prod build version

New: 4.15.9-1

Errata Tool made changes - 2024/12/23 3:00 PM

Remote Link

New: This issue links to "~~RHBA-2024~~:144276 (Web Link)" [ 1892025 ]

Shivam Durgbuns made changes - 2025/01/08 6:16 AM

Status

Original: ON_QA [ 15723 ]

New: Verified [ 10015 ]

Errata Tool made changes - 2025/01/09 11:28 AM

Resolution		New: Done-Errata [ 10803 ]
Status	Original: Verified [ 10015 ]	New: Closed [ 6 ]

Assignee:: Alfonso Martínez Hidalgo

Reporter:: Alfonso Martínez Hidalgo

Votes:: 0 Vote for this issue

Watchers:: 14 Start watching this issue

Created:: 2024/11/25 9:08 AM

Updated:: 2025/01/09 11:28 AM

Resolved:: 2025/01/09 11:28 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

PagerDuty