{"affected":[{"ecosystem_specific":{"binaries":[{"amber-cli":"1.13.1+git20250329.c2e3bb8-150600.3.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Server Applications 15 SP6","name":"amber-cli","purl":"pkg:rpm/suse/amber-cli&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.13.1+git20250329.c2e3bb8-150600.3.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"amber-cli":"1.13.1+git20250329.c2e3bb8-150600.3.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Server Applications 15 SP7","name":"amber-cli","purl":"pkg:rpm/suse/amber-cli&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.13.1+git20250329.c2e3bb8-150600.3.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"amber-cli":"1.13.1+git20250329.c2e3bb8-150600.3.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"amber-cli","purl":"pkg:rpm/opensuse/amber-cli&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.13.1+git20250329.c2e3bb8-150600.3.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for amber-cli fixes the following issues:\n\n- Update to version 1.13.1+git20250329.c2e3bb8:\n  * CVE-2025-30204: Fixed jwt-go excessive memory \n    allocation during header parsing (bsc#1240511)\n  * jwt version upgrade (#174)\n  * Update policy size limit to 20k (#173)\n  * Update tenant user model with latest changes (#172)\n  * Fix/workflow (#171)\n  * Upgrade GO version to 1.23.6 (#170)\n  * Update golang jwt dependency (#169)\n  * Update TMS roles struct (#167)\n  * Update jwt dependency version (#165)\n  * Add changes to support JWT (#163)\n  * Update roles struct to be in sync with TMS (#164)\n  * go upgrade to 1.22.7 (#162)\n  * CASSINI-22266: Added permissions in ci workflow files (#153)\n  * Add check for missing Security.md file (#150)\n  * Go version upgrade to 1.22.5 (#148)\n  * CLI changes (#140)\n  * Bump github.com/hashicorp/go-retryablehttp from 0.7.4 to 0.7.7 (#147)\n  * Update product model to include multiple plan IDs (#146)\n  * Updated the help section (#145)\n  * Mark policy type field as not required (#144)\n  * Upgrade/goversion 1.22.3 (#143)\n  * Remove policy type and attestation type check for policy creation (#142)\n  * Go version upgrade  1.22.2 (#141)\n  * Fix error message to include the correct set of characters (#138)\n  * UT coverage 80.9% (#137)\n  * Fix push installer workflow (#136)\n  * 3rd party versions upgrade (#133)\n  * GO version upgrade to 1.22.0 (#132)\n  * Fix/go version 1.21.6 (#127)\n  * Update API key validation regex as per latest changes (#125)\n  * Update API key validation regex as per latest changes (#124)\n  * dependency version upgrade (#123)\n  * Update tag create model (#121)\n  * CASSINI-10113: Add scans in CI (#99)\n  * corrected minor check condition (#120)\n  * Add check to validate env variable before setting (#119)\n  * Add version-check script (#118)\n  * Add file path check for invalid characters (#116)\n  * Update compoenent version (#117)\n  * Update README as per suggestions (#113) (#115)\n  * Added HTTP scheme validation to avoid API Key leakage (#108)\n  * CASSINI-10987 Golang version upgrade to 1.21.4 (#114)\n  * Update policy model as per the latest changes (#109)\n  * Remove branch info from on schedule (#106)\n  * Add BDBA scan to CI (#104)\n  * Update CLI URL (#105)\n  * updated licenses (#102)\n  * Updated version of all components to v1.0.0 for GA (#100)\n  * Validate the email id input before requesting list of users (#98)\n  * Remove redundant print statements (#97)\n  * Request ID and trace ID should be visible on the console for errors as well (#96)\n  * Update sample policy as per token profile update changes (#95)\n  * Update CLI name from tenantclt to inteltrustauthority (#93)\n  * Update the headers for request and trace id (#94)\n  * cassini-9466-Go version update to 1.20.6 (#91)\n  * Add retry logic to client in tenant CLI (#92)\n  * Add request-id optional parameter for each command (#90)\n\n- Override build date with SOURCE_DATE_EPOCH (bsc#1047218)\n","id":"SUSE-SU-2025:02769-1","modified":"2025-08-12T13:49:30Z","published":"2025-08-12T13:49:30Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202502769-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1047218"},{"type":"REPORT","url":"https://bugzilla.suse.com/1240511"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-30204"}],"related":["CVE-2025-30204"],"summary":"Security update for amber-cli","upstream":["CVE-2025-30204"]}