All the vulnerabilites related to Red Hat - OpenShift Developer Tools and Services
cve-2024-1394
Vulnerability from cvelistv5
Published
2024-03-21 12:16
Modified
2024-09-16 16:23
Severity
Summary
Golang-fips/openssl: memory leaks in code encrypting and decrypting rsa payloads
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-1394", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-21T18:21:05.099385Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-05T13:50:55.732Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:40:20.583Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:1462", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1462" }, { "name": "RHSA-2024:1468", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1468" }, { "name": "RHSA-2024:1472", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1472" }, { "name": "RHSA-2024:1501", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1501" }, { "name": "RHSA-2024:1502", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1502" }, { "name": "RHSA-2024:1561", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1561" }, { "name": "RHSA-2024:1563", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1563" }, { "name": "RHSA-2024:1566", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1566" }, { "name": "RHSA-2024:1567", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1567" }, { "name": "RHSA-2024:1574", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1574" }, { "name": "RHSA-2024:1640", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1640" }, { "name": "RHSA-2024:1644", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1644" }, { "name": "RHSA-2024:1646", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1646" }, { "name": "RHSA-2024:1763", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1763" }, { "name": "RHSA-2024:1897", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1897" }, { "name": "RHSA-2024:2562", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2562" }, { "name": "RHSA-2024:2568", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2568" }, { "name": "RHSA-2024:2569", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2569" }, { "name": "RHSA-2024:2729", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2729" }, { "name": "RHSA-2024:2730", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2730" }, { "name": "RHSA-2024:2767", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2767" }, { "name": "RHSA-2024:3265", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3265" }, { "name": "RHSA-2024:3352", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3352" }, { "name": "RHSA-2024:4146", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4146" }, { "name": "RHSA-2024:4371", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4371" }, { "name": "RHSA-2024:4378", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4378" }, { "name": "RHSA-2024:4379", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4379" }, { "name": "RHSA-2024:4502", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4502" }, { "name": "RHSA-2024:4581", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4581" }, { "name": "RHSA-2024:4591", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4591" }, { "name": "RHSA-2024:4672", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4672" }, { "name": "RHSA-2024:4699", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4699" }, { "name": "RHSA-2024:4761", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4761" }, { "name": "RHSA-2024:4762", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4762" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1394" }, { "name": "RHBZ#2262921", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262921" }, { "tags": [ "x_transferred" ], "url": "https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136" }, { "tags": [ "x_transferred" ], "url": "https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6" }, { "tags": [ "x_transferred" ], "url": "https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2024-2660" }, { "tags": [ "x_transferred" ], "url": "https://vuln.go.dev/ID/GO-2024-2660.json" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el9" ], "defaultStatus": "affected", "packageName": "receptor", "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.4.5-1.el8ap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el9" ], "defaultStatus": "affected", "packageName": "receptor", "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.4.5-1.el9ap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:devtools:2023::el7" ], "defaultStatus": "affected", "packageName": "go-toolset-1.19-golang", "product": "Red Hat Developer Tools", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.19.13-6.el7_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "go-toolset:rhel8", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8090020240313170136.26eb71ac", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "grafana-pcp", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.1.1-2.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "grafana", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:9.2.10-8.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "grafana", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:9.2.10-16.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "container-tools:rhel8", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8100020240808093819.afee755d", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "golang", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.20.12-2.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "grafana", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:9.2.10-8.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "grafana-pcp", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.1.1-2.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "golang", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.21.9-2.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "grafana", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:9.2.10-16.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "grafana-pcp", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.1.1-2.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.33.7-3.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:4.9.4-5.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "gvisor-tap-vsock", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "6:0.7.3-4.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "skopeo", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.14.3-3.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "containernetworking-plugins", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.4.0-4.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "runc", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:1.1.12-3.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_e4s:9.0::appstream" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:4.2.0-4.el9_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_e4s:9.0::appstream" ], "defaultStatus": "affected", "packageName": "containernetworking-plugins", "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.0.1-6.el9_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::appstream" ], "defaultStatus": "affected", "packageName": "golang", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.19.13-7.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::appstream" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:4.4.1-20.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el9", "cpe:/a:redhat:openshift:4.12::el8" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.23.4-5.2.rhaos4.12.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el9", "cpe:/a:redhat:openshift:4.12::el8" ], "defaultStatus": "affected", "packageName": "butane", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.16.0-2.2.rhaos4.12.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el9", "cpe:/a:redhat:openshift:4.12::el8" ], "defaultStatus": "affected", "packageName": "containernetworking-plugins", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.4.0-1.1.rhaos4.12.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el9", "cpe:/a:redhat:openshift:4.12::el8" ], "defaultStatus": "affected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.25.5-13.1.rhaos4.12.git76343da.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el9", "cpe:/a:redhat:openshift:4.12::el8" ], "defaultStatus": "affected", "packageName": "cri-tools", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.25.0-2.2.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el9", "cpe:/a:redhat:openshift:4.12::el8" ], "defaultStatus": "affected", "packageName": "ignition", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.14.0-7.1.rhaos4.12.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el9", "cpe:/a:redhat:openshift:4.12::el8" ], "defaultStatus": "affected", "packageName": "openshift-clients", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.12.0-202403251017.p0.gd4c9e3c.assembly.stream.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el9", "cpe:/a:redhat:openshift:4.12::el8" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:4.2.0-7.2.rhaos4.12.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el9", "cpe:/a:redhat:openshift:4.12::el8" ], "defaultStatus": "affected", "packageName": "runc", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:1.1.6-5.2.rhaos4.12.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el9", "cpe:/a:redhat:openshift:4.12::el8" ], "defaultStatus": "affected", "packageName": "skopeo", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.9.4-3.2.rhaos4.12.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.29.1-2.2.rhaos4.13.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "containernetworking-plugins", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.4.0-1.1.rhaos4.13.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.26.5-11.1.rhaos4.13.git919cc6e.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "cri-tools", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.26.0-4.1.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "ignition", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.15.0-7.1.rhaos4.13.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "openshift-clients", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.13.0-202404020737.p0.gd192e90.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:4.4.1-5.2.rhaos4.13.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "runc", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:1.1.12-1.1.rhaos4.13.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "skopeo", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.11.2-2.2.rhaos4.13.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "butane", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.19.0-1.3.rhaos4.14.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "containernetworking-plugins", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.4.0-1.2.rhaos4.14.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.27.4-6.1.rhaos4.14.gitd09e4c0.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "cri-tools", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.27.0-3.1.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "ignition", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.16.2-2.1.rhaos4.14.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "openshift-clients", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.0-202403261640.p0.gf7b14a9.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "ose-aws-ecr-image-credential-provider", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.0-202403251040.p0.g607e2dd.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:4.4.1-11.3.rhaos4.14.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "skopeo", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.11.2-10.3.rhaos4.14.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.29.1-10.4.rhaos4.14.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "butane", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.19.0-1.4.rhaos4.14.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "conmon", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:2.1.7-3.4.rhaos4.14.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "containernetworking-plugins", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.4.0-1.3.rhaos4.14.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.27.4-7.2.rhaos4.14.git082c52f.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "cri-tools", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.27.0-3.2.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "ignition", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.16.2-2.2.rhaos4.14.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "openshift", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.0-202404160939.p0.g7bee54d.assembly.stream.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "openshift4-aws-iso", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.0-202404151639.p0.gd2acdd5.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "openshift-ansible", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.0-202404151639.p0.g81558cc.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "openshift-clients", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.0-202404151639.p0.gf7b14a9.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "openshift-kuryr", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.0-202404151639.p0.g8926a29.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "ose-aws-ecr-image-credential-provider", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.0-202404151639.p0.g607e2dd.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:4.4.1-11.4.rhaos4.14.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "runc", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:1.1.12-1.2.rhaos4.14.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "skopeo", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.11.2-10.4.rhaos4.14.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9" ], "defaultStatus": "affected", "packageName": "microshift", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.19-202403280926.p0.gc1f8861.assembly.4.14.19.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "rhcos", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "414.92.202407300859-0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.29.1-20.3.rhaos4.15.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9" ], "defaultStatus": "affected", "packageName": "butane", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.20.0-1.1.rhaos4.15.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9" ], "defaultStatus": "affected", "packageName": "containernetworking-plugins", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.4.0-1.2.rhaos4.15.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9" ], "defaultStatus": "affected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.28.4-8.rhaos4.15.git24f50b9.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9" ], "defaultStatus": "affected", "packageName": "cri-tools", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.28.0-3.1.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9" ], "defaultStatus": "affected", "packageName": "ignition", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.16.2-2.1.rhaos4.15.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9" ], "defaultStatus": "affected", "packageName": "openshift-clients", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.15.0-202403211240.p0.g62c4d45.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9" ], "defaultStatus": "affected", "packageName": "ose-aws-ecr-image-credential-provider", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.15.0-202403211549.p0.g2e3cca1.assembly.stream.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:4.4.1-21.1.rhaos4.15.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9" ], "defaultStatus": "affected", "packageName": "runc", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:1.1.12-1.1.rhaos4.15.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9" ], "defaultStatus": "affected", "packageName": "skopeo", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.11.2-21.2.rhaos4.15.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9" ], "defaultStatus": "affected", "packageName": "microshift", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.15.6-202403280951.p0.g94b1c2a.assembly.4.15.6.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9" ], "defaultStatus": "affected", "packageName": "rhcos", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "415.92.202407191425-0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:16.2::el8" ], "defaultStatus": "affected", "packageName": "etcd", "product": "Red Hat OpenStack Platform 16.2", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.3.23-16.el8ost", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:17.1::el8" ], "defaultStatus": "affected", "packageName": "collectd-sensubility", "product": "Red Hat OpenStack Platform 17.1 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.2.1-3.el8ost", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:17.1::el9" ], "defaultStatus": "affected", "packageName": "etcd", "product": "Red Hat OpenStack Platform 17.1 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.4.26-8.el9ost", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:17.1::el9" ], "defaultStatus": "affected", "packageName": "collectd-sensubility", "product": "Red Hat OpenStack Platform 17.1 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.2.1-3.el9ost", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.16::el9" ], "defaultStatus": "affected", "packageName": "odf4/mcg-operator-bundle", "product": "RHODF-4.16-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.16.0-137", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.16::el9" ], "defaultStatus": "affected", "packageName": "odf4/mcg-rhel9-operator", "product": "RHODF-4.16-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.16.0-38", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:network_bound_disk_encryption_tang:1" ], "defaultStatus": "affected", "packageName": "tang-operator-bundle-container", "product": "NBDE Tang Server", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ocp_tools" ], "defaultStatus": "affected", "packageName": "helm", "product": "OpenShift Developer Tools and Services", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ocp_tools" ], "defaultStatus": "affected", "packageName": "odo", "product": "OpenShift Developer Tools and Services", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_pipelines:1" ], "defaultStatus": "affected", "packageName": "openshift-pipelines-client", "product": "OpenShift Pipelines", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:serverless:1" ], "defaultStatus": "affected", "packageName": "openshift-serverless-clients", "product": "OpenShift Serverless", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ansible_automation_platform" ], "defaultStatus": "affected", "packageName": "helm", "product": "Red Hat Ansible Automation Platform 1.2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ansible_automation_platform" ], "defaultStatus": "affected", "packageName": "openshift-clients", "product": "Red Hat Ansible Automation Platform 1.2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ansible_automation_platform:2" ], "defaultStatus": "affected", "packageName": "openshift-clients", "product": "Red Hat Ansible Automation Platform 2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:certifications:1::el8" ], "defaultStatus": "affected", "packageName": "redhat-certification-preflight", "product": "Red Hat Certification for Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:certifications:1::el9" ], "defaultStatus": "affected", "packageName": "redhat-certification-preflight", "product": "Red Hat Certification for Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "buildah", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "containernetworking-plugins", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "host-metering", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "podman", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "rhc-worker-script", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "skopeo", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "container-tools:4.0/buildah", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "container-tools:4.0/conmon", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "container-tools:4.0/containernetworking-plugins", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "container-tools:4.0/podman", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "container-tools:4.0/runc", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "container-tools:4.0/skopeo", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "container-tools:4.0/toolbox", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "git-lfs", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "osbuild-composer", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "rhc", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "weldr-client", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "butane", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "conmon", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "git-lfs", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "ignition", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "osbuild-composer", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "toolbox", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "weldr-client", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "conmon-rs", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "golang-github-prometheus-promu", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "lifecycle-agent-operator-bundle-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unknown", "packageName": "openshift4/bare-metal-event-relay-operator-bundle", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "openshift4/numaresources-operator-bundle", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "openshift4/ose-cluster-machine-approver", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "rhcos", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_container_storage:4" ], "defaultStatus": "unknown", "packageName": "mcg", "product": "Red Hat Openshift Container Storage 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_devspaces:3::el8" ], "defaultStatus": "affected", "packageName": "devspaces/machineexec-rhel8", "product": "Red Hat OpenShift Dev Spaces", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_gitops:1" ], "defaultStatus": "affected", "packageName": "openshift-gitops-1/gitops-operator-bundle", "product": "Red Hat OpenShift GitOps", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_service_on_aws:1" ], "defaultStatus": "affected", "packageName": "rosa", "product": "Red Hat OpenShift on AWS", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ], "defaultStatus": "unaffected", "packageName": "kubevirt", "product": "Red Hat OpenShift Virtualization 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:16.1" ], "defaultStatus": "unknown", "packageName": "etcd", "product": "Red Hat OpenStack Platform 16.1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:16.1" ], "defaultStatus": "affected", "packageName": "golang-qpid-apache", "product": "Red Hat OpenStack Platform 16.1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:16.1" ], "defaultStatus": "unaffected", "packageName": "qpid-proton", "product": "Red Hat OpenStack Platform 16.1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:16.2" ], "defaultStatus": "affected", "packageName": "golang-github-infrawatch-apputils", "product": "Red Hat OpenStack Platform 16.2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:16.2" ], "defaultStatus": "affected", "packageName": "golang-qpid-apache", "product": "Red Hat OpenStack Platform 16.2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:16.2" ], "defaultStatus": "unaffected", "packageName": "qpid-proton", "product": "Red Hat OpenStack Platform 16.2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:17.1" ], "defaultStatus": "affected", "packageName": "golang-github-infrawatch-apputils", "product": "Red Hat OpenStack Platform 17.1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:17.1" ], "defaultStatus": "affected", "packageName": "golang-qpid-apache", "product": "Red Hat OpenStack Platform 17.1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:17.1" ], "defaultStatus": "unaffected", "packageName": "qpid-proton", "product": "Red Hat OpenStack Platform 17.1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:18.0" ], "defaultStatus": "affected", "packageName": "etcd", "product": "Red Hat OpenStack Platform 18.0", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:service_interconnect:1" ], "defaultStatus": "affected", "packageName": "qpid-proton", "product": "Red Hat Service Interconnect 1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:service_interconnect:1" ], "defaultStatus": "affected", "packageName": "skupper-cli", "product": "Red Hat Service Interconnect 1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:service_interconnect:1" ], "defaultStatus": "affected", "packageName": "skupper-router", "product": "Red Hat Service Interconnect 1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_software_collections:3" ], "defaultStatus": "unaffected", "packageName": "rh-git227-git-lfs", "product": "Red Hat Software Collections", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:storage:3" ], "defaultStatus": "unknown", "packageName": "heketi", "product": "Red Hat Storage 3", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank @qmuntal and @r3kumar for reporting this issue." } ], "datePublic": "2024-03-20T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs\u200b. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey\u200b and ctx\u200b. That function uses named return parameters to free pkey\u200b and ctx\u200b if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey\u200b and ctx\u200b will be nil inside the deferred function that should free them." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-401", "description": "Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-16T16:23:07.003Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:1462", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1462" }, { "name": "RHSA-2024:1468", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1468" }, { "name": "RHSA-2024:1472", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1472" }, { "name": "RHSA-2024:1501", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1501" }, { "name": "RHSA-2024:1502", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1502" }, { "name": "RHSA-2024:1561", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1561" }, { "name": "RHSA-2024:1563", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1563" }, { "name": "RHSA-2024:1566", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1566" }, { "name": "RHSA-2024:1567", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1567" }, { "name": "RHSA-2024:1574", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1574" }, { "name": "RHSA-2024:1640", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1640" }, { "name": "RHSA-2024:1644", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1644" }, { "name": "RHSA-2024:1646", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1646" }, { "name": "RHSA-2024:1763", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1763" }, { "name": "RHSA-2024:1897", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1897" }, { "name": "RHSA-2024:2562", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2562" }, { "name": "RHSA-2024:2568", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2568" }, { "name": "RHSA-2024:2569", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2569" }, { "name": "RHSA-2024:2729", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2729" }, { "name": "RHSA-2024:2730", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2730" }, { "name": "RHSA-2024:2767", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2767" }, { "name": "RHSA-2024:3265", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3265" }, { "name": "RHSA-2024:3352", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3352" }, { "name": "RHSA-2024:4146", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4146" }, { "name": "RHSA-2024:4371", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4371" }, { "name": "RHSA-2024:4378", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4378" }, { "name": "RHSA-2024:4379", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4379" }, { "name": "RHSA-2024:4502", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4502" }, { "name": "RHSA-2024:4581", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4581" }, { "name": "RHSA-2024:4591", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4591" }, { "name": "RHSA-2024:4672", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4672" }, { "name": "RHSA-2024:4699", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4699" }, { "name": "RHSA-2024:4761", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4761" }, { "name": "RHSA-2024:4762", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4762" }, { "name": "RHSA-2024:4960", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4960" }, { "name": "RHSA-2024:5258", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:5258" }, { "name": "RHSA-2024:5634", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:5634" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1394" }, { "name": "RHBZ#2262921", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262921" }, { "url": "https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136" }, { "url": "https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6" }, { "url": "https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f" }, { "url": "https://pkg.go.dev/vuln/GO-2024-2660" }, { "url": "https://vuln.go.dev/ID/GO-2024-2660.json" } ], "timeline": [ { "lang": "en", "time": "2024-02-06T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-03-20T00:00:00+00:00", "value": "Made public." } ], "title": "Golang-fips/openssl: memory leaks in code encrypting and decrypting rsa payloads", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-401: Missing Release of Memory after Effective Lifetime" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-1394", "datePublished": "2024-03-21T12:16:38.790Z", "dateReserved": "2024-02-09T06:02:35.056Z", "dateUpdated": "2024-09-16T16:23:07.003Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-1485
Vulnerability from cvelistv5
Published
2024-02-13 23:31
Modified
2024-09-09 19:59
Severity
Summary
Registry-support: decompress can delete files outside scope via relative paths
References
URL | Tags |
---|---|
https://access.redhat.com/security/cve/CVE-2024-1485 | vdb-entry, x_refsource_REDHAT |
https://bugzilla.redhat.com/show_bug.cgi?id=2264106 | issue-tracking, x_refsource_REDHAT |
https://github.com/advisories/GHSA-84xv-jfrm-h4gm | |
https://github.com/devfile/registry-support/commit/0e44b9ca6d03fac4fc3f77d37656d56dc5defe0d | |
https://github.com/devfile/registry-support/pull/197 |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-1485", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-21T20:39:09.253403Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:21:53.512Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:40:21.236Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1485" }, { "name": "RHBZ#2264106", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264106" }, { "tags": [ "x_transferred" ], "url": "https://github.com/advisories/GHSA-84xv-jfrm-h4gm" }, { "tags": [ "x_transferred" ], "url": "https://github.com/devfile/registry-support/commit/0e44b9ca6d03fac4fc3f77d37656d56dc5defe0d" }, { "tags": [ "x_transferred" ], "url": "https://github.com/devfile/registry-support/pull/197" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ocp_tools" ], "defaultStatus": "affected", "packageName": "odo", "product": "OpenShift Developer Tools and Services", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/ose-console", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Joern Schneeweisz (GitLab Security Research Team) for reporting this issue." } ], "datePublic": "2024-02-05T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-23", "description": "Relative Path Traversal", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-09T19:59:33.982Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1485" }, { "name": "RHBZ#2264106", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264106" }, { "url": "https://github.com/advisories/GHSA-84xv-jfrm-h4gm" }, { "url": "https://github.com/devfile/registry-support/commit/0e44b9ca6d03fac4fc3f77d37656d56dc5defe0d" }, { "url": "https://github.com/devfile/registry-support/pull/197" } ], "timeline": [ { "lang": "en", "time": "2024-02-13T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-02-05T00:00:00+00:00", "value": "Made public." } ], "title": "Registry-support: decompress can delete files outside scope via relative paths", "workarounds": [ { "lang": "en", "value": "Limit or block the parsing of devfiles from untrusted sources." } ], "x_redhatCweChain": "CWE-349-\u003eCWE-23: Acceptance of Extraneous Untrusted Data With Trusted Data leads to Relative Path Traversal" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-1485", "datePublished": "2024-02-13T23:31:14.427Z", "dateReserved": "2024-02-13T21:47:23.979Z", "dateUpdated": "2024-09-09T19:59:33.982Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-3727
Vulnerability from cvelistv5
Published
2024-05-09 14:57
Modified
2024-09-16 16:37
Severity
Summary
Containers/image: digest type does not guarantee valid type
References
URL | Tags |
---|---|
https://access.redhat.com/errata/RHSA-2024:0045 | vendor-advisory, x_refsource_REDHAT |
https://access.redhat.com/errata/RHSA-2024:4159 | vendor-advisory, x_refsource_REDHAT |
https://access.redhat.com/errata/RHSA-2024:4613 | vendor-advisory, x_refsource_REDHAT |
https://access.redhat.com/errata/RHSA-2024:4850 | vendor-advisory, x_refsource_REDHAT |
https://access.redhat.com/errata/RHSA-2024:4960 | vendor-advisory, x_refsource_REDHAT |
https://access.redhat.com/errata/RHSA-2024:5258 | vendor-advisory, x_refsource_REDHAT |
https://access.redhat.com/errata/RHSA-2024:5951 | vendor-advisory, x_refsource_REDHAT |
https://access.redhat.com/errata/RHSA-2024:6054 | vendor-advisory, x_refsource_REDHAT |
https://access.redhat.com/security/cve/CVE-2024-3727 | vdb-entry, x_refsource_REDHAT |
https://bugzilla.redhat.com/show_bug.cgi?id=2274767 | issue-tracking, x_refsource_REDHAT |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-3727", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-13T17:59:41.318223Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:33:13.046Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:20:01.029Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:0045", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0045" }, { "name": "RHSA-2024:4159", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4159" }, { "name": "RHSA-2024:4613", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4613" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-3727" }, { "name": "RHBZ#2274767", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274767" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8" ], "defaultStatus": "affected", "packageName": "advanced-cluster-security/rhacs-central-db-rhel8", "product": "Red Hat Advanced Cluster Security 4.4", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4.4.5-2", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8" ], "defaultStatus": "affected", "packageName": "advanced-cluster-security/rhacs-collector-rhel8", "product": "Red Hat Advanced Cluster Security 4.4", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4.4.5-2", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8" ], "defaultStatus": "affected", "packageName": "advanced-cluster-security/rhacs-collector-slim-rhel8", "product": "Red Hat Advanced Cluster Security 4.4", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4.4.5-2", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8" ], "defaultStatus": "affected", "packageName": "advanced-cluster-security/rhacs-main-rhel8", "product": "Red Hat Advanced Cluster Security 4.4", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4.4.5-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8" ], "defaultStatus": "affected", "packageName": "advanced-cluster-security/rhacs-operator-bundle", "product": "Red Hat Advanced Cluster Security 4.4", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4.4.5-3", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8" ], "defaultStatus": "affected", "packageName": "advanced-cluster-security/rhacs-rhel8-operator", "product": "Red Hat Advanced Cluster Security 4.4", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4.4.5-2", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8" ], "defaultStatus": "affected", "packageName": "advanced-cluster-security/rhacs-roxctl-rhel8", "product": "Red Hat Advanced Cluster Security 4.4", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4.4.5-2", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8" ], "defaultStatus": "affected", "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8", "product": "Red Hat Advanced Cluster Security 4.4", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4.4.5-2", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8" ], "defaultStatus": "affected", "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "product": "Red Hat Advanced Cluster Security 4.4", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4.4.5-3", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8" ], "defaultStatus": "affected", "packageName": "advanced-cluster-security/rhacs-scanner-rhel8", "product": "Red Hat Advanced Cluster Security 4.4", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4.4.5-2", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8" ], "defaultStatus": "affected", "packageName": "advanced-cluster-security/rhacs-scanner-slim-rhel8", "product": "Red Hat Advanced Cluster Security 4.4", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4.4.5-2", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8" ], "defaultStatus": "affected", "packageName": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8", "product": "Red Hat Advanced Cluster Security 4.4", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4.4.5-3", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8" ], "defaultStatus": "affected", "packageName": "advanced-cluster-security/rhacs-scanner-v4-rhel8", "product": "Red Hat Advanced Cluster Security 4.4", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4.4.5-3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "container-tools:rhel8", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8100020240808093819.afee755d", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9" ], "defaultStatus": "affected", "packageName": "openshift4/ose-operator-lifecycle-manager", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.14.0-202407260439.p0.g8d9b39e.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9" ], "defaultStatus": "affected", "packageName": "openshift4/ose-operator-lifecycle-manager-rhel9", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-202407230407.p0.gf3f8de5.assembly.stream.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_ironic:4.16::el9", "cpe:/a:redhat:openshift:4.16::el8", "cpe:/a:redhat:openshift:4.16::el9" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 4.16", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:4.9.4-5.1.rhaos4.16.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_ironic:4.16::el9", "cpe:/a:redhat:openshift:4.16::el8", "cpe:/a:redhat:openshift:4.16::el9" ], "defaultStatus": "affected", "packageName": "skopeo", "product": "Red Hat OpenShift Container Platform 4.16", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.14.4-1.rhaos4.16.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.16::el8", "cpe:/a:redhat:openshift:4.16::el9" ], "defaultStatus": "affected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4.16", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.29.5-7.rhaos4.16.git7db4ada.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.16::el9" ], "defaultStatus": "affected", "packageName": "openshift4/ose-operator-lifecycle-manager-rhel9", "product": "Red Hat OpenShift Container Platform 4.16", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.16.0-202407171536.p0.g1551101.assembly.stream.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4.15::el9" ], "defaultStatus": "affected", "packageName": "container-native-virtualization/virt-cdi-controller-rhel9", "product": "RHEL-9-CNV-4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.5-7", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhmt" ], "defaultStatus": "affected", "packageName": "rhmtc/openshift-migration-controller-rhel8", "product": "Migration Toolkit for Containers", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:multicluster_engine" ], "defaultStatus": "unaffected", "packageName": "multicluster-engine/agent-service-rhel8", "product": "Multicluster Engine for Kubernetes", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:multicluster_engine" ], "defaultStatus": "unaffected", "packageName": "multicluster-engine/assisted-installer-agent-rhel8", "product": "Multicluster Engine for Kubernetes", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:multicluster_engine" ], "defaultStatus": "unaffected", "packageName": "multicluster-engine/assisted-installer-reporter-rhel8", "product": "Multicluster Engine for Kubernetes", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:multicluster_engine" ], "defaultStatus": "unaffected", "packageName": "multicluster-engine/assisted-installer-rhel8", "product": "Multicluster Engine for Kubernetes", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:multicluster_engine" ], "defaultStatus": "unaffected", "packageName": "multicluster-engine/hive-rhel8", "product": "Multicluster Engine for Kubernetes", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_api_data_protection:1" ], "defaultStatus": "affected", "packageName": "oadp/oadp-velero-plugin-rhel8", "product": "OpenShift API for Data Protection", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ocp_tools" ], "defaultStatus": "affected", "packageName": "ocp-tools-4/jenkins-agent-base-rhel8", "product": "OpenShift Developer Tools and Services", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ocp_tools" ], "defaultStatus": "affected", "packageName": "ocp-tools-4/jenkins-rhel8", "product": "OpenShift Developer Tools and Services", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:serverless:1" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/client-kn-rhel8", "product": "OpenShift Serverless", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:serverless:1" ], "defaultStatus": "affected", "packageName": "openshift-serverless-clients", "product": "OpenShift Serverless", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:source_to_image:1" ], "defaultStatus": "affected", "packageName": "source-to-image-container", "product": "OpenShift Source-to-Image (S2I) Builder Image", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:acm:2" ], "defaultStatus": "unaffected", "packageName": "rhacm2/submariner-rhel8-operator", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:3" ], "defaultStatus": "affected", "packageName": "advanced-cluster-security/rhacs-central-db-rhel8", "product": "Red Hat Advanced Cluster Security 3", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:3" ], "defaultStatus": "affected", "packageName": "advanced-cluster-security/rhacs-main-rhel8", "product": "Red Hat Advanced Cluster Security 3", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:3" ], "defaultStatus": "affected", "packageName": "advanced-cluster-security/rhacs-rhel8-operator", "product": "Red Hat Advanced Cluster Security 3", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:3" ], "defaultStatus": "affected", "packageName": "advanced-cluster-security/rhacs-roxctl-rhel8", "product": "Red Hat Advanced Cluster Security 3", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:3" ], "defaultStatus": "affected", "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8", "product": "Red Hat Advanced Cluster Security 3", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:3" ], "defaultStatus": "affected", "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "product": "Red Hat Advanced Cluster Security 3", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:3" ], "defaultStatus": "affected", "packageName": "advanced-cluster-security/rhacs-scanner-rhel8", "product": "Red Hat Advanced Cluster Security 3", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:3" ], "defaultStatus": "affected", "packageName": "advanced-cluster-security/rhacs-scanner-slim-rhel8", "product": "Red Hat Advanced Cluster Security 3", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ansible_automation_platform" ], "defaultStatus": "unaffected", "packageName": "openshift-clients", "product": "Red Hat Ansible Automation Platform 1.2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ansible_automation_platform:2" ], "defaultStatus": "unaffected", "packageName": "openshift-clients", "product": "Red Hat Ansible Automation Platform 2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "buildah", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "podman", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "skopeo", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "container-tools:4.0/buildah", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "container-tools:4.0/conmon", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "container-tools:4.0/containers-common", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "container-tools:4.0/podman", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "container-tools:4.0/skopeo", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "osbuild-composer", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "conmon", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "containers-common", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "osbuild-composer", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "skopeo", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:3.11" ], "defaultStatus": "unknown", "packageName": "atomic-openshift", "product": "Red Hat OpenShift Container Platform 3.11", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:3.11" ], "defaultStatus": "unknown", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 3.11", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "conmon", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "containers-common", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/oc-mirror-plugin-rhel8", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/ose-agent-installer-api-server-rhel8", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/ose-agent-installer-csr-approver-rhel8", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/ose-agent-installer-node-agent-rhel8", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/ose-agent-installer-orchestrator-rhel8", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "openshift4/ose-baremetal-installer-rhel7", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/ose-cli", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/ose-cli-artifacts", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/ose-deployer", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/ose-docker-builder", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/ose-installer", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "openshift4/ose-installer-altinfra-rhel8", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "openshift4/ose-installer-artifacts", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/ose-machine-config-operator", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/ose-olm-operator-controller-rhel8", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/ose-olm-rukpak-rhel8", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/ose-openshift-apiserver-rhel7", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "openshift4/ose-openshift-proxy-pull-test-rhel8", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/ose-operator-registry", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/ose-tools-rhel8", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift-clients", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "ose-installer-terraform-providers-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "ose-openshift-controller-manager-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:assisted_installer:" ], "defaultStatus": "affected", "packageName": "rhai-tech-preview/assisted-installer-agent-rhel8", "product": "Red Hat OpenShift Container Platform Assisted Installer", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:assisted_installer:" ], "defaultStatus": "affected", "packageName": "rhai-tech-preview/assisted-installer-reporter-rhel8", "product": "Red Hat OpenShift Container Platform Assisted Installer", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:assisted_installer:" ], "defaultStatus": "affected", "packageName": "rhai-tech-preview/assisted-installer-rhel8", "product": "Red Hat OpenShift Container Platform Assisted Installer", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_devspaces:3::el8" ], "defaultStatus": "affected", "packageName": "devspaces/udi-rhel8", "product": "Red Hat OpenShift Dev Spaces", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_sandboxed_containers:1" ], "defaultStatus": "affected", "packageName": "openshift-sandboxed-containers-tech-preview/osc-must-gather-rhel8", "product": "Red Hat Openshift sandboxed containers", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_sandboxed_containers:1" ], "defaultStatus": "affected", "packageName": "openshift-sandboxed-containers-tech-preview/osc-rhel8-operator", "product": "Red Hat Openshift sandboxed containers", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ], "defaultStatus": "affected", "packageName": "container-native-virtualization/virt-cdi-apiserver", "product": "Red Hat OpenShift Virtualization 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ], "defaultStatus": "affected", "packageName": "container-native-virtualization/virt-cdi-apiserver-rhel9", "product": "Red Hat OpenShift Virtualization 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ], "defaultStatus": "affected", "packageName": "container-native-virtualization/virt-cdi-cloner", "product": "Red Hat OpenShift Virtualization 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ], "defaultStatus": "affected", "packageName": "container-native-virtualization/virt-cdi-cloner-rhel9", "product": "Red Hat OpenShift Virtualization 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ], "defaultStatus": "affected", "packageName": "container-native-virtualization/virt-cdi-controller", "product": "Red Hat OpenShift Virtualization 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ], "defaultStatus": "affected", "packageName": "container-native-virtualization/virt-cdi-importer", "product": "Red Hat OpenShift Virtualization 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ], "defaultStatus": "affected", "packageName": "container-native-virtualization/virt-cdi-importer-rhel9", "product": "Red Hat OpenShift Virtualization 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ], "defaultStatus": "affected", "packageName": "container-native-virtualization/virt-cdi-operator", "product": "Red Hat OpenShift Virtualization 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ], "defaultStatus": "affected", "packageName": "container-native-virtualization/virt-cdi-operator-rhel9", "product": "Red Hat OpenShift Virtualization 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ], "defaultStatus": "affected", "packageName": "container-native-virtualization/virt-cdi-uploadproxy", "product": "Red Hat OpenShift Virtualization 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ], "defaultStatus": "affected", "packageName": "container-native-virtualization/virt-cdi-uploadproxy-rhel9", "product": "Red Hat OpenShift Virtualization 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ], "defaultStatus": "affected", "packageName": "container-native-virtualization/virt-cdi-uploadserver", "product": "Red Hat OpenShift Virtualization 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ], "defaultStatus": "affected", "packageName": "container-native-virtualization/virt-cdi-uploadserver-rhel9", "product": "Red Hat OpenShift Virtualization 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openstack:16.2" ], "defaultStatus": "affected", "packageName": "osp-director-provisioner-container", "product": "Red Hat OpenStack Platform 16.2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quay:3" ], "defaultStatus": "affected", "packageName": "quay/quay-builder-rhel8", "product": "Red Hat Quay 3", "vendor": "Red Hat" } ], "datePublic": "2024-05-09T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-354", "description": "Improper Validation of Integrity Check Value", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-16T16:37:49.822Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:0045", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0045" }, { "name": "RHSA-2024:4159", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4159" }, { "name": "RHSA-2024:4613", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4613" }, { "name": "RHSA-2024:4850", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4850" }, { "name": "RHSA-2024:4960", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4960" }, { "name": "RHSA-2024:5258", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:5258" }, { "name": "RHSA-2024:5951", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:5951" }, { "name": "RHSA-2024:6054", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:6054" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-3727" }, { "name": "RHBZ#2274767", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274767" } ], "timeline": [ { "lang": "en", "time": "2024-04-12T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-05-09T00:00:00+00:00", "value": "Made public." } ], "title": "Containers/image: digest type does not guarantee valid type", "x_redhatCweChain": "CWE-354: Improper Validation of Integrity Check Value" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-3727", "datePublished": "2024-05-09T14:57:21.327Z", "dateReserved": "2024-04-12T17:56:37.261Z", "dateUpdated": "2024-09-16T16:37:49.822Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }