RHSA-2024:3920 - Security Advisory

Topic

Migration Toolkit for Runtimes 1.2.6 release
Red Hat Product Security has rated this update as having a security impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Migration Toolkit for Runtimes 1.2.6 ZIP artifacts

Security Fix(es):

• axios: exposure of confidential data stored in cookies (CVE-2023-45857)
• follow-redirects: Possible credential leak (CVE-2024-28849)
• commons-configuration2: various flaws (CVE-2024-29131)
• commons-configuration2: various flaws (CVE-2024-29133)
• webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

The References section of this erratum contains a download link (you must log in to download the update).

Affected Products

• Red Hat Migration Toolkit for Runtimes Advisory Metadata x86_64

Fixes

• WINDUPRULE-1049 - Broken links need replacing

CVEs

• CVE-2023-45857
• CVE-2024-28849
• CVE-2024-29131
• CVE-2024-29133
• CVE-2024-29180

References

• https://access.redhat.com/security/updates/classification/#important
• https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes&downloadType=distributions