Vulnerabilites related to Red Hat - Red Hat Advanced Cluster Management for Kubernetes 2
cve-2024-9779
Vulnerability from cvelistv5
Published
2024-12-17 22:59
Modified
2024-12-18 15:15
Severity ?
EPSS score ?
Summary
A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which contain the cluster-manager or klusterlet deployments. The cluster-manager deployment uses a service account with the same name "cluster-manager" which is bound to a ClusterRole also named "cluster-manager", which includes the permission to create Pod resources. If this deployment runs a pod on an attacker-controlled node, the attacker can obtain the cluster-manager's token and steal any service account token by creating and mounting the target service account to control the whole cluster.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0.12.0 |
||||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-9779", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-18T15:15:18.122532Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-18T15:15:33.671Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://github.com/open-cluster-management-io", packageName: "open-cluster-management-io", versions: [ { status: "affected", version: "0.12.0", }, { status: "unaffected", version: "0.13.0", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:acm:2", ], defaultStatus: "unaffected", packageName: "open-cluster-management", product: "Red Hat Advanced Cluster Management for Kubernetes 2", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "Red Hat would like to thank Nanzi Yang and Xingyu Liu for reporting this issue.", }, ], datePublic: "2023-11-30T00:00:00+00:00", descriptions: [ { lang: "en", value: "A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which contain the cluster-manager or klusterlet deployments. The cluster-manager deployment uses a service account with the same name \"cluster-manager\" which is bound to a ClusterRole also named \"cluster-manager\", which includes the permission to create Pod resources. If this deployment runs a pod on an attacker-controlled node, the attacker can obtain the cluster-manager's token and steal any service account token by creating and mounting the target service account to control the whole cluster.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-501", description: "Trust Boundary Violation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-17T22:59:07.511Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-9779", }, { name: "RHBZ#2317916", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2317916", }, { url: "https://github.com/open-cluster-management-io/ocm/pull/325", }, { url: "https://github.com/open-cluster-management-io/ocm/releases/tag/v0.13.0", }, { url: "https://github.com/open-cluster-management-io/registration-operator/issues/361", }, ], timeline: [ { lang: "en", time: "2024-10-10T18:03:03.097000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-11-30T00:00:00+00:00", value: "Made public.", }, ], title: "Open-cluster-management-io/ocm: cluster-manager permissions may allow a worker node to obtain service account tokens", x_redhatCweChain: "CWE-268->CWE-501: Privilege Chaining leads to Trust Boundary Violation", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-9779", datePublished: "2024-12-17T22:59:07.511Z", dateReserved: "2024-10-10T03:51:08.007Z", dateUpdated: "2024-12-18T15:15:33.671Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-2241
Vulnerability from cvelistv5
Published
2025-03-17 16:27
Modified
2025-03-17 17:11
Severity ?
EPSS score ?
Summary
A flaw was found in Hive, a component of Multicluster Engine (MCE) and Advanced Cluster Management (ACM). This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract sensitive credentials even if they do not have direct access to Kubernetes Secrets. This issue can lead to unauthorized VCenter access, cluster management, and privilege escalation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2025-2241 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2351350 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Multicluster Engine for Kubernetes |
cpe:/a:redhat:multicluster_engine |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-2241", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-17T17:11:38.318059Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-17T17:11:48.110Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:multicluster_engine", ], defaultStatus: "affected", packageName: "multicluster-engine/multicloud-manager-rhel8", product: "Multicluster Engine for Kubernetes", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:acm:2", ], defaultStatus: "affected", packageName: "rhacm2/cluster-backup-rhel9-operator", product: "Red Hat Advanced Cluster Management for Kubernetes 2", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "Red Hat would like to thank Eric Fried (REDHAT) for reporting this issue.", }, ], datePublic: "2025-03-17T15:52:50.098Z", descriptions: [ { lang: "en", value: "A flaw was found in Hive, a component of Multicluster Engine (MCE) and Advanced Cluster Management (ACM). This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract sensitive credentials even if they do not have direct access to Kubernetes Secrets. This issue can lead to unauthorized VCenter access, cluster management, and privilege escalation.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-922", description: "Insecure Storage of Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-17T16:27:20.598Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2025-2241", }, { name: "RHBZ#2351350", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2351350", }, ], timeline: [ { lang: "en", time: "2025-03-11T12:43:34.302000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2025-03-17T15:52:50.098000+00:00", value: "Made public.", }, ], title: "Hive: exposure of vcenter credentials via clusterprovision in hive / mce / acm", workarounds: [ { lang: "en", value: "A few mechanisms are available to reduce the risks and mitigate this vulnerability:\n\n1. Restrict Access to ClusterProvision Objects\n\nEnsure that only trusted users with valid VCenter credentials have read access to ClusterProvision objects.\nThis can be verified using the following commands:\n\noc adm policy who-can get clusterprovision\noc adm policy who-can read clusterprovision\n\n2. Rotate VCenter Credentials\n\nImmediately rotate VCenter credentials to revoke access for any users who may have already accessed the exposed credentials.\n\n3. Audit VCenter Users and Roles\n\nConduct a security audit of VCenter accounts and roles to detect any unauthorized access or configuration changes.\n\nIf any suspicious activity is found, revoke access by rotating credentials again (step 2) and taking necessary remediation actions.", }, ], x_redhatCweChain: "CWE-922: Insecure Storage of Sensitive Information", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2025-2241", datePublished: "2025-03-17T16:27:20.598Z", dateReserved: "2025-03-12T04:52:38.166Z", dateUpdated: "2025-03-17T17:11:48.110Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-3089
Vulnerability from cvelistv5
Published
2023-07-05 12:21
Modified
2024-10-24 19:13
Severity ?
EPSS score ?
Summary
A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-3089 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2212085 | issue-tracking, x_refsource_REDHAT |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T06:41:04.166Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-3089", }, { name: "RHBZ#2212085", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2212085", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-3089", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-24T19:12:21.482201Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-24T19:13:59.907Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "openshift", vendor: "n/a", versions: [ { status: "unaffected", version: "4.12.0", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:serverless:1", ], defaultStatus: "affected", packageName: "(as-yet-unknown)", product: "OpenShift Serverless", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:service_mesh:2.2", ], defaultStatus: "affected", packageName: "(as-yet-unknown)", product: "OpenShift Service Mesh 2.2.x", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:service_mesh:2.3", ], defaultStatus: "affected", packageName: "(as-yet-unknown)", product: "OpenShift Service Mesh 2.3.x", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:service_mesh:2.4", ], defaultStatus: "affected", packageName: "(as-yet-unknown)", product: "OpenShift Service Mesh 2.4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:acm:2", ], defaultStatus: "affected", packageName: "(as-yet-unknown)", product: "Red Hat Advanced Cluster Management for Kubernetes 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:amq_streams:1", ], defaultStatus: "affected", packageName: "(as-yet-unknown)", product: "Red Hat JBoss A-MQ Streams", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:3.11", ], defaultStatus: "unaffected", packageName: "openshift", product: "Red Hat OpenShift Container Platform 3.11", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift-ansible", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift-golang-builder-container", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_data_foundation:4", ], defaultStatus: "affected", packageName: "(as-yet-unknown)", product: "Red Hat Openshift Data Foundation 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_sandboxed_containers:1", ], defaultStatus: "affected", packageName: "(as-yet-unknown)", product: "Red Hat Openshift sandboxed containers", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:container_native_virtualization:4", ], defaultStatus: "affected", packageName: "(as-yet-unknown)", product: "Red Hat OpenShift Virtualization 4", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "This issue was discovered by David Benoit (Red Hat).", }, ], datePublic: "2023-07-05T12:00:00Z", descriptions: [ { lang: "en", value: "A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-693", description: "Protection Mechanism Failure", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-05T12:21:03.036Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-3089", }, { name: "RHBZ#2212085", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2212085", }, ], timeline: [ { lang: "en", time: "2023-06-03T00:00:00Z", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-07-05T12:00:00Z", value: "Made public.", }, ], title: "Ocp & fips mode", workarounds: [ { lang: "en", value: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected packages as soon as possible.", }, ], x_redhatCweChain: "CWE-166->CWE-693: Improper Handling of Missing Special Element leads to Protection Mechanism Failure", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-3089", datePublished: "2023-07-05T12:21:03.036Z", dateReserved: "2023-06-03T17:29:23.874Z", dateUpdated: "2024-10-24T19:13:59.907Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-0874
Vulnerability from cvelistv5
Published
2024-04-25 16:22
Modified
2025-03-20 02:44
Severity ?
EPSS score ?
Summary
A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:0041 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4850 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:6009 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:6406 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-0874 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2219234 | issue-tracking, x_refsource_REDHAT | |
| https://github.com/coredns/coredns/issues/6186 | ||
| https://github.com/coredns/coredns/pull/6354 |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0 ≤ |
|||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-0874", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-13T20:18:31.995445Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-13T20:18:37.906Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T18:18:18.998Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2024:0041", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:0041", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2024-0874", }, { name: "RHBZ#2219234", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2219234", }, { tags: [ "x_transferred", ], url: "https://github.com/coredns/coredns/issues/6186", }, { tags: [ "x_transferred", ], url: "https://github.com/coredns/coredns/pull/6354", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://github.com/coredns/coredns", defaultStatus: "unaffected", packageName: "coredns", versions: [ { lessThan: "1.11.2", status: "affected", version: "0", versionType: "semver", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-coredns", product: "Red Hat OpenShift Container Platform 4.13", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.13.0-202408260940.p0.ge70f097.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-coredns", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202408260910.p0.gfdd6037.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-coredns-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202407230407.p0.g1326282.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.16::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-coredns-rhel9", product: "Red Hat OpenShift Container Platform 4.16", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.16.0-202406131906.p0.g04d84f7.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:logging:5", ], defaultStatus: "unaffected", packageName: "openshift-logging/logging-loki-rhel8", product: "Logging Subsystem for Red Hat OpenShift", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:acm:2", ], defaultStatus: "affected", packageName: "rhacm2/lighthouse-agent-rhel9", product: "Red Hat Advanced Cluster Management for Kubernetes 2", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "This issue was discovered by Petr Mensik (Red Hat).", }, ], datePublic: "2023-07-03T00:00:00.000Z", descriptions: [ { lang: "en", value: "A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-524", description: "Use of Cache Containing Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-20T02:44:49.516Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:0041", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:0041", }, { name: "RHSA-2024:4850", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4850", }, { name: "RHSA-2024:6009", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:6009", }, { name: "RHSA-2024:6406", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:6406", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-0874", }, { name: "RHBZ#2219234", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2219234", }, { url: "https://github.com/coredns/coredns/issues/6186", }, { url: "https://github.com/coredns/coredns/pull/6354", }, ], timeline: [ { lang: "en", time: "2023-07-03T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-07-03T00:00:00+00:00", value: "Made public.", }, ], title: "Coredns: cd bit response is cached and served later", x_redhatCweChain: "CWE-524: Use of Cache Containing Sensitive Information", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-0874", datePublished: "2024-04-25T16:22:44.182Z", dateReserved: "2024-01-24T23:42:08.424Z", dateUpdated: "2025-03-20T02:44:49.516Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-3248
Vulnerability from cvelistv5
Published
2023-10-05 13:28
Modified
2024-08-29 20:01
Severity ?
EPSS score ?
Summary
A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2022-3248 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2072188 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | kubernetes | ||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:07:05.652Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2022-3248", }, { name: "RHBZ#2072188", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072188", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-3248", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-29T19:59:13.226604Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-29T20:01:55.479Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "kubernetes", vendor: "n/a", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:acm:2", ], defaultStatus: "affected", packageName: "rhacm2/agent-service-rhel8", product: "Red Hat Advanced Cluster Management for Kubernetes 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform", ], defaultStatus: "unaffected", packageName: "kubernetes", product: "Red Hat Ansible Automation Platform 1.2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_tower:3", ], defaultStatus: "unaffected", packageName: "kubernetes", product: "Red Hat Ansible Tower 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:3.11", ], defaultStatus: "unknown", packageName: "atomic-openshift", product: "Red Hat OpenShift Container Platform 3.11", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift-clients", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, ], datePublic: "2023-10-05T00:00:00+00:00", descriptions: [ { lang: "en", value: "A flaw was found in OpenShift API, as admission checks do not enforce \"custom-host\" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Low", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-05T13:28:27.973Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2022-3248", }, { name: "RHBZ#2072188", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072188", }, ], timeline: [ { lang: "en", time: "2022-03-23T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-10-05T00:00:00+00:00", value: "Made public.", }, ], title: "Openshift api admission checks does not enforce \"custom-host\" permissions", x_redhatCweChain: "CWE-863: Incorrect Authorization", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2022-3248", datePublished: "2023-10-05T13:28:27.973Z", dateReserved: "2022-09-20T14:18:05.021Z", dateUpdated: "2024-08-29T20:01:55.479Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-3727
Vulnerability from cvelistv5
Published
2024-05-09 14:57
Modified
2025-03-20 11:51
Severity ?
EPSS score ?
Summary
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:0045 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:3718 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4159 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4613 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4850 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4960 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:5258 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:5951 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:6054 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:6122 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:6708 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:6818 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:6824 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:7164 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:7174 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:7182 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:7187 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:7922 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:7941 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:8260 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:8425 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:9097 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:9098 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:9102 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:9960 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-3727 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2274767 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0 ≤ Version: 5.30.0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-3727", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-13T17:59:41.318223Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:33:13.046Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:20:01.029Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2024:0045", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:0045", }, { name: "RHSA-2024:4159", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4159", }, { name: "RHSA-2024:4613", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4613", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2024-3727", }, { name: "RHBZ#2274767", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://github.com/containers/image", defaultStatus: "unaffected", packageName: "image", versions: [ { lessThan: "5.29.3", status: "affected", version: "0", versionType: "semver", }, { lessThan: "5.30.1", status: "affected", version: "5.30.0", versionType: "semver", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift_api_data_protection:1.3::el9", ], defaultStatus: "affected", packageName: "oadp/oadp-velero-plugin-rhel9", product: "OADP-1.3-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1.3.4-9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-central-db-rhel8", product: "Red Hat Advanced Cluster Security 4.4", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.4.5-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-collector-rhel8", product: "Red Hat Advanced Cluster Security 4.4", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.4.5-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-collector-slim-rhel8", product: "Red Hat Advanced Cluster Security 4.4", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.4.5-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-main-rhel8", product: "Red Hat Advanced Cluster Security 4.4", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.4.5-4", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-operator-bundle", product: "Red Hat Advanced Cluster Security 4.4", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.4.5-3", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-rhel8-operator", product: "Red Hat Advanced Cluster Security 4.4", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.4.5-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-roxctl-rhel8", product: "Red Hat Advanced Cluster Security 4.4", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.4.5-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-db-rhel8", product: "Red Hat Advanced Cluster Security 4.4", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.4.5-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", product: "Red Hat Advanced Cluster Security 4.4", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.4.5-3", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-rhel8", product: "Red Hat Advanced Cluster Security 4.4", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.4.5-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-slim-rhel8", product: "Red Hat Advanced Cluster Security 4.4", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.4.5-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8", product: "Red Hat Advanced Cluster Security 4.4", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.4.5-3", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-v4-rhel8", product: "Red Hat Advanced Cluster Security 4.4", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.4.5-3", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.5::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-central-db-rhel8", product: "Red Hat Advanced Cluster Security 4.5", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.5.2-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.5::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-collector-rhel8", product: "Red Hat Advanced Cluster Security 4.5", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.5.2-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.5::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-collector-slim-rhel8", product: "Red Hat Advanced Cluster Security 4.5", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.5.2-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.5::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-main-rhel8", product: "Red Hat Advanced Cluster Security 4.5", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.5.2-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.5::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-operator-bundle", product: "Red Hat Advanced Cluster Security 4.5", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.5.2-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.5::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-rhel8-operator", product: "Red Hat Advanced Cluster Security 4.5", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.5.2-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.5::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-roxctl-rhel8", product: "Red Hat Advanced Cluster Security 4.5", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.5.2-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.5::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-db-rhel8", product: "Red Hat Advanced Cluster Security 4.5", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.5.2-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.5::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", product: "Red Hat Advanced Cluster Security 4.5", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.5.2-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.5::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-rhel8", product: "Red Hat Advanced Cluster Security 4.5", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.5.2-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.5::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-slim-rhel8", product: "Red Hat Advanced Cluster Security 4.5", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.5.2-1", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.5::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8", product: "Red Hat Advanced Cluster Security 4.5", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.5.2-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.5::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-v4-rhel8", product: "Red Hat Advanced Cluster Security 4.5", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.5.2-2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "container-tools:rhel8", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8100020240808093819.afee755d", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "buildah", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:1.37.2-1.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "skopeo", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:1.16.1-1.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:5.2.2-1.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:rhmt:1.8::el8", ], defaultStatus: "affected", packageName: "rhmtc/openshift-migration-controller-rhel8", product: "Red Hat Migration Toolkit for Containers 1.8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v1.8.4-22", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift_ironic:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat OpenShift Container Platform 4.13", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3:4.4.1-13.rhaos4.13.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift_ironic:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8", ], defaultStatus: "affected", packageName: "skopeo", product: "Red Hat OpenShift Container Platform 4.13", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:1.11.3-3.rhaos4.13.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-operator-lifecycle-manager", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202407260439.p0.g8d9b39e.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift_ironic:4.14::el9", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3:4.4.1-19.rhaos4.14.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift_ironic:4.14::el9", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "skopeo", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:1.11.3-3.rhaos4.14.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/network-tools-rhel8", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409172305.p0.g17536c8.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-agent-installer-api-server-rhel8", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409171307.p0.ged4651a.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-agent-installer-node-agent-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409161436.p0.g1f44c02.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-alibaba-machine-controllers-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409120135.p0.gf7f5eed.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-apiserver-network-proxy-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409131835.p0.gadccbd5.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-autoscaler-rhel9-operator", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409120135.p0.g8425d88.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-control-plane-machine-set-rhel9-operator", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409130735.p0.gc03231f.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-ingress-rhel9-operator", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409131635.p0.gb73e37f.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-network-rhel9-operator", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409161836.p0.g092d15b.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-node-tuning-rhel9-operator", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409180105.p0.g1fdd5b0.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-console", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409180905.p0.gf6f61ca.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-docker-builder", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409171307.p0.g160e7ca.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-hypershift-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409131635.p0.gb7c1d6a.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-insights-rhel9-operator", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409111636.p0.gf0c44f6.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-machine-api-rhel9-operator", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409120135.p0.g3ab953d.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-multus-admission-controller-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409111636.p0.g9ea52de.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-multus-whereabouts-ipam-cni-rhel8", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409111636.p0.gd80fe46.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-nutanix-machine-controllers-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409120135.p0.g8de6f94.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-openshift-controller-manager-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409171307.p0.g5d529dd.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-operator-lifecycle-manager-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409180305.p0.g1da79fe.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-operator-registry-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409180305.p0.g1da79fe.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-ovn-kubernetes-microshift-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409172305.p0.g5af0be8.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-ovn-kubernetes-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409172305.p0.g5af0be8.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-powervs-cloud-controller-manager-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409130536.p0.g1d6a7ed.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-powervs-machine-controllers-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409161436.p0.g4121cfc.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-sdn-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409120135.p0.g71a6f28.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-tests", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409180705.p0.g95ee44e.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-tools-rhel8", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202409161234.p0.g4e8d689.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "rhcos", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "415.92.202409162258-0", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_ironic:4.15::el9", "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3:4.4.1-30.rhaos4.15.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_ironic:4.15::el9", "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "skopeo", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:1.11.3-4.rhaos4.15.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-agent-installer-node-agent-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202410230304.p0.g366295f.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-agent-installer-orchestrator-rhel8", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202410230304.p0.gfde2b2e.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-operator-lifecycle-manager-rhel9", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202407230407.p0.gf3f8de5.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_ironic:4.16::el9", "cpe:/a:redhat:openshift:4.16::el9", "cpe:/a:redhat:openshift:4.16::el8", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat OpenShift Container Platform 4.16", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4:4.9.4-5.1.rhaos4.16.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_ironic:4.16::el9", "cpe:/a:redhat:openshift:4.16::el9", "cpe:/a:redhat:openshift:4.16::el8", ], defaultStatus: "affected", packageName: "skopeo", product: "Red Hat OpenShift Container Platform 4.16", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:1.14.4-1.rhaos4.16.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.16::el9", "cpe:/a:redhat:openshift:4.16::el8", ], defaultStatus: "affected", packageName: "cri-o", product: "Red Hat OpenShift Container Platform 4.16", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.29.5-7.rhaos4.16.git7db4ada.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.16::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-operator-lifecycle-manager-rhel9", product: "Red Hat OpenShift Container Platform 4.16", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.16.0-202407171536.p0.g1551101.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.16::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-machine-config-rhel9-operator", product: "Red Hat OpenShift Container Platform 4.16", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.16.0-202409162206.p0.g6a425ab.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.16::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-agent-installer-orchestrator-rhel9", product: "Red Hat OpenShift Container Platform 4.16", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.16.0-202409231504.p0.g342902b.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.16::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-agent-installer-node-agent-rhel9", product: "Red Hat OpenShift Container Platform 4.16", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.16.0-202410172201.p0.gb121e87.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.17::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-machine-config-rhel9-operator", product: "Red Hat OpenShift Container Platform 4.17", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.17.0-202409122005.p0.gb170ad0.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.17::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-olm-operator-controller-rhel9", product: "Red Hat OpenShift Container Platform 4.17", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.17.0-202409100034.p0.g8d16b39.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.17::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-operator-lifecycle-manager-rhel9", product: "Red Hat OpenShift Container Platform 4.17", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.17.0-202409101338.p0.gb0d86a0.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.17::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-operator-registry-rhel9", product: "Red Hat OpenShift Container Platform 4.17", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.17.0-202409101338.p0.gb0d86a0.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.17::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-agent-installer-orchestrator-rhel9", product: "Red Hat OpenShift Container Platform 4.17", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.17.0-202410022234.p0.gfbc55c6.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.18::el9", ], defaultStatus: "affected", packageName: "openshift4/oc-mirror-plugin-rhel9", product: "Red Hat OpenShift Container Platform 4.18", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.18.0-202502100934.p0.gc00c7c9.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.18::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-agent-installer-api-server-rhel9", product: "Red Hat OpenShift Container Platform 4.18", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.18.0-202502040032.p0.ge5a4005.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.18::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-agent-installer-node-agent-rhel9", product: "Red Hat OpenShift Container Platform 4.18", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.18.0-202502041302.p0.g51a74ac.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.18::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-agent-installer-orchestrator-rhel9", product: "Red Hat OpenShift Container Platform 4.18", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.18.0-202501230001.p0.g5348c85.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.18::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-machine-config-rhel9-operator", product: "Red Hat OpenShift Container Platform 4.18", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.18.0-202502100153.p0.g120ba67.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.18::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-openshift-apiserver-rhel9", product: "Red Hat OpenShift Container Platform 4.18", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.18.0-202502060238.p0.g73d65db.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:container_native_virtualization:4.15::el9", ], defaultStatus: "affected", packageName: "container-native-virtualization/virt-cdi-controller-rhel9", product: "RHEL-9-CNV-4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.5-7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:multicluster_engine", ], defaultStatus: "unaffected", packageName: "multicluster-engine/agent-service-rhel8", product: "Multicluster Engine for Kubernetes", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:multicluster_engine", ], defaultStatus: "unaffected", packageName: "multicluster-engine/assisted-installer-agent-rhel8", product: "Multicluster Engine for Kubernetes", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:multicluster_engine", ], defaultStatus: "unaffected", packageName: "multicluster-engine/assisted-installer-reporter-rhel8", product: "Multicluster Engine for Kubernetes", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:multicluster_engine", ], defaultStatus: "unaffected", packageName: "multicluster-engine/assisted-installer-rhel8", product: "Multicluster Engine for Kubernetes", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:multicluster_engine", ], defaultStatus: "unaffected", packageName: "multicluster-engine/hive-rhel8", product: "Multicluster Engine for Kubernetes", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ocp_tools", ], defaultStatus: "affected", packageName: "ocp-tools-4/jenkins-agent-base-rhel8", product: "OpenShift Developer Tools and Services", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ocp_tools", ], defaultStatus: "affected", packageName: "ocp-tools-4/jenkins-rhel8", product: "OpenShift Developer Tools and Services", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:serverless:1", ], defaultStatus: "affected", packageName: "openshift-serverless-1/client-kn-rhel8", product: "OpenShift Serverless", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:serverless:1", ], defaultStatus: "affected", packageName: "openshift-serverless-clients", product: "OpenShift Serverless", vendor: "Red Hat", }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:source_to_image:1", ], defaultStatus: "affected", packageName: "source-to-image-container", product: "OpenShift Source-to-Image (S2I)", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:acm:2", ], defaultStatus: "unaffected", packageName: "rhacm2/submariner-rhel8-operator", product: "Red Hat Advanced Cluster Management for Kubernetes 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-central-db-rhel8", product: "Red Hat Advanced Cluster Security 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-main-rhel8", product: "Red Hat Advanced Cluster Security 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-rhel8-operator", product: "Red Hat Advanced Cluster Security 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-roxctl-rhel8", product: "Red Hat Advanced Cluster Security 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-db-rhel8", product: "Red Hat Advanced Cluster Security 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3", ], defaultStatus: "unaffected", packageName: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", product: "Red Hat Advanced Cluster Security 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-rhel8", product: "Red Hat Advanced Cluster Security 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:3", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-scanner-slim-rhel8", product: "Red Hat Advanced Cluster Security 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform", ], defaultStatus: "unaffected", packageName: "openshift-clients", product: "Red Hat Ansible Automation Platform 1.2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2", ], defaultStatus: "unaffected", packageName: "openshift-clients", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unknown", packageName: "buildah", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unknown", packageName: "podman", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unknown", packageName: "skopeo", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "container-tools:4.0/buildah", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "container-tools:4.0/conmon", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "container-tools:4.0/containers-common", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "container-tools:4.0/podman", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "container-tools:4.0/skopeo", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "osbuild-composer", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "unaffected", packageName: "conmon", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "unaffected", packageName: "containers-common", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "osbuild-composer", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:3.11", ], defaultStatus: "unknown", packageName: "atomic-openshift", product: "Red Hat OpenShift Container Platform 3.11", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:3.11", ], defaultStatus: "unknown", packageName: "podman", product: "Red Hat OpenShift Container Platform 3.11", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "unaffected", packageName: "buildah", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "unaffected", packageName: "conmon", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "unaffected", packageName: "containers-common", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift4/ose-agent-installer-csr-approver-rhel8", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "unaffected", packageName: "openshift4/ose-baremetal-installer-rhel8", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift4/ose-cli", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift4/ose-cli-artifacts", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift4/ose-deployer", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift4/ose-installer", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "unaffected", packageName: "openshift4/ose-installer-altinfra-rhel8", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "unaffected", packageName: "openshift4/ose-installer-artifacts", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift4/ose-olm-rukpak-rhel8", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "unaffected", packageName: "openshift4/ose-openshift-proxy-pull-test-rhel8", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift-clients", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "unaffected", packageName: "ose-installer-terraform-providers-container", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:assisted_installer:", ], defaultStatus: "affected", packageName: "rhai-tech-preview/assisted-installer-agent-rhel8", product: "Red Hat OpenShift Container Platform Assisted Installer", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:assisted_installer:", ], defaultStatus: "affected", packageName: "rhai-tech-preview/assisted-installer-reporter-rhel8", product: "Red Hat OpenShift Container Platform Assisted Installer", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:assisted_installer:", ], defaultStatus: "affected", packageName: "rhai-tech-preview/assisted-installer-rhel8", product: "Red Hat OpenShift Container Platform Assisted Installer", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_devspaces:3:", ], defaultStatus: "affected", packageName: "devspaces/udi-rhel8", product: "Red Hat OpenShift Dev Spaces", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_sandboxed_containers:1", ], defaultStatus: "affected", packageName: "openshift-sandboxed-containers/osc-must-gather-rhel8", product: "Red Hat Openshift Sandboxed Containers", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_sandboxed_containers:1", ], defaultStatus: "affected", packageName: "openshift-sandboxed-containers/osc-rhel8-operator", product: "Red Hat Openshift Sandboxed Containers", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:container_native_virtualization:4", ], defaultStatus: "affected", packageName: "container-native-virtualization/virt-cdi-apiserver", product: "Red Hat OpenShift Virtualization 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:container_native_virtualization:4", ], defaultStatus: "affected", packageName: "container-native-virtualization/virt-cdi-apiserver-rhel9", product: "Red Hat OpenShift Virtualization 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:container_native_virtualization:4", ], defaultStatus: "affected", packageName: "container-native-virtualization/virt-cdi-cloner", product: "Red Hat OpenShift Virtualization 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:container_native_virtualization:4", ], defaultStatus: "affected", packageName: "container-native-virtualization/virt-cdi-cloner-rhel9", product: "Red Hat OpenShift Virtualization 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:container_native_virtualization:4", ], defaultStatus: "affected", packageName: "container-native-virtualization/virt-cdi-controller", product: "Red Hat OpenShift Virtualization 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:container_native_virtualization:4", ], defaultStatus: "affected", packageName: "container-native-virtualization/virt-cdi-importer", product: "Red Hat OpenShift Virtualization 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:container_native_virtualization:4", ], defaultStatus: "affected", packageName: "container-native-virtualization/virt-cdi-importer-rhel9", product: "Red Hat OpenShift Virtualization 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:container_native_virtualization:4", ], defaultStatus: "affected", packageName: "container-native-virtualization/virt-cdi-operator", product: "Red Hat OpenShift Virtualization 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:container_native_virtualization:4", ], defaultStatus: "affected", packageName: "container-native-virtualization/virt-cdi-operator-rhel9", product: "Red Hat OpenShift Virtualization 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:container_native_virtualization:4", ], defaultStatus: "affected", packageName: "container-native-virtualization/virt-cdi-uploadproxy", product: "Red Hat OpenShift Virtualization 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:container_native_virtualization:4", ], defaultStatus: "affected", packageName: "container-native-virtualization/virt-cdi-uploadproxy-rhel9", product: "Red Hat OpenShift Virtualization 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:container_native_virtualization:4", ], defaultStatus: "affected", packageName: "container-native-virtualization/virt-cdi-uploadserver", product: "Red Hat OpenShift Virtualization 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:container_native_virtualization:4", ], defaultStatus: "affected", packageName: "container-native-virtualization/virt-cdi-uploadserver-rhel9", product: "Red Hat OpenShift Virtualization 4", vendor: "Red Hat", }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openstack:16.2", ], defaultStatus: "affected", packageName: "osp-director-provisioner-container", product: "Red Hat OpenStack Platform 16.2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:quay:3", ], defaultStatus: "affected", packageName: "quay/quay-builder-rhel8", product: "Red Hat Quay 3", vendor: "Red Hat", }, ], datePublic: "2024-05-09T00:00:00.000Z", descriptions: [ { lang: "en", value: "A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-354", description: "Improper Validation of Integrity Check Value", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-20T11:51:44.252Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:0045", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:0045", }, { name: "RHSA-2024:3718", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:3718", }, { name: "RHSA-2024:4159", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4159", }, { name: "RHSA-2024:4613", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4613", }, { name: "RHSA-2024:4850", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4850", }, { name: "RHSA-2024:4960", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4960", }, { name: "RHSA-2024:5258", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:5258", }, { name: "RHSA-2024:5951", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:5951", }, { name: "RHSA-2024:6054", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:6054", }, { name: "RHSA-2024:6122", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:6122", }, { name: "RHSA-2024:6708", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:6708", }, { name: "RHSA-2024:6818", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:6818", }, { name: "RHSA-2024:6824", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:6824", }, { name: "RHSA-2024:7164", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { name: "RHSA-2024:7174", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:7174", }, { name: "RHSA-2024:7182", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:7182", }, { name: "RHSA-2024:7187", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:7187", }, { name: "RHSA-2024:7922", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:7922", }, { name: "RHSA-2024:7941", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:7941", }, { name: "RHSA-2024:8260", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8260", }, { name: "RHSA-2024:8425", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8425", }, { name: "RHSA-2024:9097", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9097", }, { name: "RHSA-2024:9098", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9098", }, { name: "RHSA-2024:9102", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9102", }, { name: "RHSA-2024:9960", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9960", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-3727", }, { name: "RHBZ#2274767", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", }, ], timeline: [ { lang: "en", time: "2024-04-12T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-05-09T00:00:00+00:00", value: "Made public.", }, ], title: "Containers/image: digest type does not guarantee valid type", x_redhatCweChain: "CWE-354: Improper Validation of Integrity Check Value", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-3727", datePublished: "2024-05-09T14:57:21.327Z", dateReserved: "2024-04-12T17:56:37.261Z", dateUpdated: "2025-03-20T11:51:44.252Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-5042
Vulnerability from cvelistv5
Published
2024-05-17 13:12
Modified
2025-02-07 04:12
Severity ?
EPSS score ?
Summary
A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:4591 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-5042 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2280921 | issue-tracking, x_refsource_REDHAT | |
| https://github.com/advisories/GHSA-2rhx-qhxp-5jpw |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0 ≤ Version: 0.17.0 < 0.18.0-m3 |
||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-5042", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-20T14:43:37.969142Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:01:39.816Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:03:10.599Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2024:4591", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4591", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2024-5042", }, { name: "RHBZ#2280921", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2280921", }, { tags: [ "x_transferred", ], url: "https://github.com/advisories/GHSA-2rhx-qhxp-5jpw", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://github.com/submariner-io/submariner-operator", defaultStatus: "unaffected", packageName: "submariner-operator", versions: [ { lessThan: "0.16.4", status: "affected", version: "0", versionType: "semver", }, { lessThan: "0.18.0-m3", status: "affected", version: "0.17.0", versionType: "custom", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift_data_foundation:4.16::el9", ], defaultStatus: "affected", packageName: "odf4/odf-multicluster-rhel9-operator", product: "RHODF-4.16-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.16.0-19", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:acm:2", ], defaultStatus: "affected", packageName: "rhacm2/lighthouse-agent-rhel9", product: "Red Hat Advanced Cluster Management for Kubernetes 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:acm:2", ], defaultStatus: "affected", packageName: "rhacm2/lighthouse-coredns-rhel8", product: "Red Hat Advanced Cluster Management for Kubernetes 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:acm:2", ], defaultStatus: "affected", packageName: "rhacm2/submariner-gateway-rhel8", product: "Red Hat Advanced Cluster Management for Kubernetes 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:acm:2", ], defaultStatus: "affected", packageName: "rhacm2/submariner-globalnet-rhel8", product: "Red Hat Advanced Cluster Management for Kubernetes 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:acm:2", ], defaultStatus: "affected", packageName: "rhacm2/submariner-rhel8-operator", product: "Red Hat Advanced Cluster Management for Kubernetes 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:acm:2", ], defaultStatus: "affected", packageName: "rhacm2/submariner-route-agent-rhel9", product: "Red Hat Advanced Cluster Management for Kubernetes 2", vendor: "Red Hat", }, ], datePublic: "2024-05-16T00:00:00.000Z", descriptions: [ { lang: "en", value: "A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-250", description: "Execution with Unnecessary Privileges", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-07T04:12:25.528Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:4591", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4591", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-5042", }, { name: "RHBZ#2280921", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2280921", }, { url: "https://github.com/advisories/GHSA-2rhx-qhxp-5jpw", }, ], timeline: [ { lang: "en", time: "2024-05-15T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-05-16T00:00:00+00:00", value: "Made public.", }, ], title: "Submariner-operator: rbac permissions can allow for the spread of node compromises", x_redhatCweChain: "CWE-250: Execution with Unnecessary Privileges", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-5042", datePublished: "2024-05-17T13:12:00.551Z", dateReserved: "2024-05-17T03:54:30.320Z", dateUpdated: "2025-02-07T04:12:25.528Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-1139
Vulnerability from cvelistv5
Published
2024-04-25 16:25
Modified
2025-02-06 08:21
Severity ?
EPSS score ?
Summary
A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:1887 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1891 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:2047 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:2782 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-1139 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2262158 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0 ≤ 0.1.1 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-1139", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-26T14:01:04.371877Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:00:07.175Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T18:26:30.566Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2024:1887", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1887", }, { name: "RHSA-2024:1891", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1891", }, { name: "RHSA-2024:2047", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:2047", }, { name: "RHSA-2024:2782", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:2782", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2024-1139", }, { name: "RHBZ#2262158", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262158", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://github.com/openshift/cluster-monitoring-operator", defaultStatus: "unaffected", packageName: "cluster-monitoring-operator", versions: [ { lessThanOrEqual: "0.1.1", status: "affected", version: "0", versionType: "semver", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-monitoring-operator", product: "Red Hat OpenShift Container Platform 4.12", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.12.0-202405091536.p0.g8906207.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-monitoring-operator", product: "Red Hat OpenShift Container Platform 4.13", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.13.0-202404200313.p0.gb518881.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/cloud-network-config-controller-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gf350a68.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/driver-toolkit-rhel9", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gcafed17.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/egress-router-cni-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gafffdd4.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/kubevirt-csi-driver-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g48fafc4.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/network-tools-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.ge79d817.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/oc-mirror-plugin-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.ga0733c1.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/openshift-route-controller-manager-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g1a5e72f.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-agent-installer-api-server-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g2dbe78f.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-agent-installer-csr-approver-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g46dedc6.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-agent-installer-node-agent-rhel9", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gd8cf3c9.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-agent-installer-orchestrator-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g46dedc6.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-agent-installer-utils-rhel9", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gad85376.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-alibaba-cloud-controller-manager-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g8ba0b37.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-alibaba-cloud-csi-driver-container-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404170009.p0.g3dc363d.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g8853e6e.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-alibaba-machine-controllers-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g27f105d.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-apiserver-network-proxy-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g3362d67.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-aws-cloud-controller-manager-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g607e2dd.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-aws-cluster-api-controllers-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g54a95bd.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-aws-ebs-csi-driver-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g2e2e277.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-aws-ebs-csi-driver-rhel8-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g95bcf9a.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-aws-pod-identity-webhook-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gad7aa0a.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-azure-cloud-controller-manager-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gf0e7cbb.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-azure-cloud-node-manager-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gf0e7cbb.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-azure-cluster-api-controllers-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g7ad2773.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-azure-disk-csi-driver-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gb19eec1.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-azure-disk-csi-driver-rhel8-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g9189357.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-azure-file-csi-driver-operator-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g354c55d.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-azure-file-csi-driver-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gf401f53.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-azure-workload-identity-webhook-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g43a15be.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-baremetal-installer-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g78da43a.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-baremetal-machine-controllers", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gfb20cda.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-baremetal-rhel8-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g937b5fd.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-baremetal-runtimecfg-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g13046b3.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cli", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gf7b14a9.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cli-artifacts", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gf7b14a9.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cloud-credential-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.ga687275.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-api-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gae83c55.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-authentication-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g9203d4d.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-autoscaler", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g9d87281.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-autoscaler-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g5d436c6.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-baremetal-operator-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g270579c.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-bootstrap", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g93fba13.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-capi-operator-container-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gb4c4fb1.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-capi-rhel8-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gb4c4fb1.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-cloud-controller-manager-operator-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g33a706e.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-config-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g91fa980.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-control-plane-machine-set-operator-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g074a22c.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404170009.p0.gd4a1162.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-dns-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g5553a22.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-etcd-rhel8-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g74f5363.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-image-registry-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gd139e6b.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-ingress-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gd876f5a.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-kube-apiserver-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404171239.p0.g2eab0f9.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-kube-cluster-api-rhel8-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gb287d08.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-kube-controller-manager-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g4e05963.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-kube-scheduler-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g33f630d.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g9cd9922.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-machine-approver", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g711b4f6.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-monitoring-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404170009.p0.g1839fb4.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-network-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gd429c8b.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-node-tuning-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404171239.p0.g88d3f42.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-node-tuning-rhel9-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404171239.p0.g88d3f42.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-olm-operator-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g0dbbb61.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-openshift-apiserver-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g8bd8602.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-openshift-controller-manager-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g3985c55.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-platform-operators-manager-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g08fb27e.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-policy-controller-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g219f6f6.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-samples-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g61a3465.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-storage-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gaab7b5b.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-version-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gaf210dc.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-configmap-reloader", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g716a0c3.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-console", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gf6b13c7.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-console-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g855f3fc.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-container-networking-plugins-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g7295a5e.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-coredns", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g7d3fa77.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-csi-driver-manila-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g697083a.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-csi-driver-manila-rhel8-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gd93a218.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-csi-driver-nfs-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.ge1dd453.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-csi-driver-shared-resource-operator-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gc273cd5.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-csi-driver-shared-resource-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g9232c1f.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-csi-driver-shared-resource-webhook-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g9232c1f.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-csi-external-attacher", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g06e8ce0.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-csi-external-attacher-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g06e8ce0.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-csi-external-provisioner", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g78a710f.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-csi-external-provisioner-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g78a710f.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-csi-external-resizer", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g59a701a.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-csi-external-resizer-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g59a701a.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-csi-external-snapshotter", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.ga683453.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-csi-external-snapshotter-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.ga683453.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-csi-livenessprobe", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.ga9bcbde.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-csi-livenessprobe-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.ga9bcbde.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-csi-node-driver-registrar", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g9dcaa7f.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-csi-node-driver-registrar-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g9dcaa7f.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-csi-snapshot-controller", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.ga683453.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-csi-snapshot-controller-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.ga683453.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-csi-snapshot-validation-webhook-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.ga683453.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-deployer", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gf7b14a9.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-docker-builder", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g9c104de.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-docker-registry", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gb31bf58.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-etcd-rhel9", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404171239.p0.gb0c0321.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-gcp-cloud-controller-manager-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g09e96a9.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-gcp-cluster-api-controllers-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gd99fb31.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-gcp-pd-csi-driver-operator-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g95d55a0.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-gcp-pd-csi-driver-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g8a626fe.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-haproxy-router", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gb3af193.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-hyperkube-rhel9", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g7bee54d.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-hypershift-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404170009.p0.g96b62a5.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-ibmcloud-cluster-api-controllers-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g004ecde.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-ibm-cloud-controller-manager-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g446871f.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-ibmcloud-machine-controllers-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gc28b223.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g7fd94aa.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-ibm-vpc-block-csi-driver-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g02471d9.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-ibm-vpc-node-label-updater-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g44a2b94.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-image-customization-controller-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g2a6627b.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-insights-rhel8-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g1c0ecea.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-installer", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g78da43a.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-installer-artifacts", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g78da43a.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-ironic-agent-rhel9", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g264fa5c.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-ironic-machine-os-downloader-rhel9", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g7b56c30.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-ironic-rhel9", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g7296ed5.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-ironic-static-ip-manager-rhel9", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gc038d5a.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-k8s-prometheus-adapter", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g801a912.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-kube-proxy", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g1a9befc.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-kube-rbac-proxy", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g1a646b9.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-kube-state-metrics", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gdb0c549.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-kube-storage-version-migrator-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g8558e14.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-kubevirt-cloud-controller-manager-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g7d96f56.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-kuryr-cni-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g8926a29.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-kuryr-controller-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404170009.p0.g8926a29.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-libvirt-machine-controllers", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g34dfccb.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-machine-api-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g27f5650.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-machine-api-provider-aws-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.ge292817.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-machine-api-provider-azure-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g8666a36.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-machine-api-provider-gcp-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.ga676e6b.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-machine-api-provider-openstack-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g8985876.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-machine-config-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g7c0025b.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-machine-os-images-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gd3a4a6c.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-multus-admission-controller", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g5e74b0f.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-multus-cni", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g823eb51.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-multus-networkpolicy-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gcd6eae1.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-multus-route-override-cni-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g078aee5.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-multus-whereabouts-ipam-cni-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g13aebf7.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-must-gather", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g833e1de.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-network-interface-bond-cni-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g29f61f6.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-network-metrics-daemon-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g69d0021.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-nutanix-cloud-controller-manager-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gbc56886.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-nutanix-machine-controllers-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g6f50b1a.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-oauth-apiserver-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g8f5c90c.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-oauth-proxy", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.ga4a2f27.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-oauth-server-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g35f4739.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-olm-catalogd-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.ga333cb0.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-olm-operator-controller-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gfb6fb27.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-olm-rukpak-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g2287fb2.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-openshift-apiserver-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g9e9b51d.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-openshift-controller-manager-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g27209ef.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-openshift-state-metrics-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gdff4b0f.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-openstack-cinder-csi-driver-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g697083a.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g3a74316.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-openstack-cloud-controller-manager-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g697083a.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-operator-lifecycle-manager", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gdcfcfb3.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-operator-marketplace", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.ga367cea.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-operator-registry", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gdcfcfb3.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-ovirt-machine-controllers-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g5d70863.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-ovn-kubernetes", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g2fdbd1b.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-ovn-kubernetes-microshift-rhel9", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g2fdbd1b.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-ovn-kubernetes-rhel9", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g2fdbd1b.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-pod", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g7bee54d.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-powervs-block-csi-driver-operator-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g7436369.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-powervs-block-csi-driver-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g8ecfd7f.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-powervs-cloud-controller-manager-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g32c1028.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-powervs-machine-controllers-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g1a957da.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-prometheus", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gb7c61bc.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-prometheus-alertmanager", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.ge372516.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-prometheus-config-reloader", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.ga4b845a.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-prometheus-node-exporter", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g5ee0a9d.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-prometheus-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.ga4b845a.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-prometheus-operator-admission-webhook-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.ga4b845a.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-prom-label-proxy", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gaf40ed0.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-sdn-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g1a9befc.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-service-ca-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g3c3f82f.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-telemeter", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gc683f65.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-tests", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gf066e57.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-thanos-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.ga267125.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-tools-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gf7b14a9.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g5d5105f.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-vmware-vsphere-csi-driver-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.ga5ed57f.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-vsphere-cloud-controller-manager-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gb04567f.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-vsphere-cluster-api-controllers-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g72e998c.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-vsphere-csi-driver-operator-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g5d5105f.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-vsphere-csi-driver-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.ga5ed57f.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-vsphere-csi-driver-syncer-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.ga5ed57f.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-vsphere-problem-detector-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gece171d.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ovirt-csi-driver-rhel7", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gf21b470.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ovirt-csi-driver-rhel8", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.gf21b470.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "openshift4/ovirt-csi-driver-rhel8-operator", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202404161544.p0.g2fa33aa.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-cluster-monitoring-rhel9-operator", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202404161612.p0.g00d04f5.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:acm:2", ], defaultStatus: "unaffected", packageName: "rhacm2/endpoint-monitoring-rhel9-operator", product: "Red Hat Advanced Cluster Management for Kubernetes 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:acm:2", ], defaultStatus: "unaffected", packageName: "rhacm2/grafana-dashboard-loader-rhel9", product: "Red Hat Advanced Cluster Management for Kubernetes 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:acm:2", ], defaultStatus: "unaffected", packageName: "rhacm2/metrics-collector-rhel9", product: "Red Hat Advanced Cluster Management for Kubernetes 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:acm:2", ], defaultStatus: "unaffected", packageName: "rhacm2/multicluster-observability-rhel8-operator", product: "Red Hat Advanced Cluster Management for Kubernetes 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:acm:2", ], defaultStatus: "unaffected", packageName: "rhacm2/rbac-query-proxy-rhel8", product: "Red Hat Advanced Cluster Management for Kubernetes 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:3.11", ], defaultStatus: "unknown", packageName: "openshift3/ose-cluster-monitoring-operator", product: "Red Hat OpenShift Container Platform 3.11", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "Red Hat would like to thank Calvinna Caswara (noris network AG) and Patrick Gress (noris network AG) for reporting this issue.", }, ], datePublic: "2024-04-03T09:19:00.000Z", descriptions: [ { lang: "en", value: "A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-06T08:21:10.525Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:1887", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1887", }, { name: "RHSA-2024:1891", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1891", }, { name: "RHSA-2024:2047", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:2047", }, { name: "RHSA-2024:2782", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:2782", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-1139", }, { name: "RHBZ#2262158", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262158", }, ], timeline: [ { lang: "en", time: "2024-01-31T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-04-03T09:19:00+00:00", value: "Made public.", }, ], title: "Cluster-monitoring-operator: credentials leak", x_redhatCweChain: "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-1139", datePublished: "2024-04-25T16:25:01.080Z", dateReserved: "2024-01-31T20:48:06.154Z", dateUpdated: "2025-02-06T08:21:10.525Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-11831
Vulnerability from cvelistv5
Published
2025-02-10 15:27
Modified
2025-03-31 18:33
Severity ?
EPSS score ?
Summary
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2025:1334 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2025:1468 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-11831 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2312579 | issue-tracking, x_refsource_REDHAT | |
| https://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e | ||
| https://github.com/yahoo/serialize-javascript/pull/173 |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 6.0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-11831", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-10T17:08:31.160473Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-10T17:08:44.112Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://github.com/yahoo/serialize-javascript", packageName: "serialize-javascript", versions: [ { lessThan: "6.0.2", status: "affected", version: "6.0", versionType: "semver", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.4::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-main-rhel8", product: "Red Hat Advanced Cluster Security 4.4", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.4.8-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4.5::el8", ], defaultStatus: "affected", packageName: "advanced-cluster-security/rhacs-main-rhel8", product: "Red Hat Advanced Cluster Security 4.5", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4.5.6-2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:cryostat:3", ], defaultStatus: "affected", packageName: "serialize-javascript", product: "Cryostat 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:logging:5", ], defaultStatus: "affected", packageName: "openshift-logging/kibana6-rhel8", product: "Logging Subsystem for Red Hat OpenShift", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:migration_toolkit_applications:7", ], defaultStatus: "affected", packageName: "mta/mta-cli-rhel9", product: "Migration Toolkit for Applications 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:migration_toolkit_applications:7", ], defaultStatus: "affected", packageName: "mta/mta-ui-rhel9", product: "Migration Toolkit for Applications 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:migration_toolkit_virtualization:2", ], defaultStatus: "unaffected", packageName: "migration-toolkit-virtualization/mtv-console-plugin-rhel9", product: "Migration Toolkit for Virtualization", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_dotnet:6.0", ], defaultStatus: "affected", packageName: "rh-dotnet60-dotnet", product: ".NET 6.0 on Red Hat Enterprise Linux", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_lightspeed", ], defaultStatus: "affected", packageName: "openshift-lightspeed-beta/lightspeed-console-plugin-rhel9", product: "OpenShift Lightspeed", vendor: "Red Hat", }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift_pipelines:1", ], defaultStatus: "affected", packageName: "openshift-pipelines-console-plugin-rhel8-container", product: "OpenShift Pipelines", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_pipelines:1", ], defaultStatus: "affected", packageName: "openshift-pipelines/pipelines-hub-api-rhel8", product: "OpenShift Pipelines", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_pipelines:1", ], defaultStatus: "affected", packageName: "openshift-pipelines/pipelines-hub-db-migration-rhel8", product: "OpenShift Pipelines", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_pipelines:1", ], defaultStatus: "affected", packageName: "openshift-pipelines/pipelines-hub-ui-rhel8", product: "OpenShift Pipelines", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:serverless:1", ], defaultStatus: "affected", packageName: "serialize-javascript", product: "OpenShift Serverless", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:service_mesh:2", ], defaultStatus: "affected", packageName: "openshift-service-mesh/kiali-ossmc-rhel8", product: "OpenShift Service Mesh 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:service_mesh:2", ], defaultStatus: "affected", packageName: "openshift-service-mesh/kiali-rhel8", product: "OpenShift Service Mesh 2", vendor: "Red Hat", }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:red_hat_3scale_amp:2", ], defaultStatus: "affected", packageName: "3scale-amp-system-container", product: "Red Hat 3scale API Management Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:acm:2", ], defaultStatus: "unaffected", packageName: "rhacm2/console-rhel8", product: "Red Hat Advanced Cluster Management for Kubernetes 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4", ], defaultStatus: "unaffected", packageName: "advanced-cluster-security/rhacs-central-db-rhel8", product: "Red Hat Advanced Cluster Security 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4", ], defaultStatus: "unaffected", packageName: "advanced-cluster-security/rhacs-rhel8-operator", product: "Red Hat Advanced Cluster Security 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4", ], defaultStatus: "unaffected", packageName: "advanced-cluster-security/rhacs-roxctl-rhel8", product: "Red Hat Advanced Cluster Security 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4", ], defaultStatus: "unaffected", packageName: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8", product: "Red Hat Advanced Cluster Security 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_cluster_security:4", ], defaultStatus: "unaffected", packageName: "advanced-cluster-security/rhacs-scanner-v4-rhel8", product: "Red Hat Advanced Cluster Security 4", vendor: "Red Hat", }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2", ], defaultStatus: "affected", packageName: "aap-cloud-ui-container", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2", ], defaultStatus: "affected", packageName: "ansible-automation-platform-24/lightspeed-rhel8", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2", ], defaultStatus: "unaffected", packageName: "automation-controller", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2", ], defaultStatus: "affected", packageName: "automation-eda-controller", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhboac_hawtio:4", ], defaultStatus: "affected", packageName: "serialize-javascript", product: "Red Hat build of Apache Camel - HawtIO 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:service_registry:2", ], defaultStatus: "affected", packageName: "serialize-javascript", product: "Red Hat build of Apicurio Registry 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:build_keycloak:", ], defaultStatus: "affected", packageName: "serialize-javascript", product: "Red Hat Build of Keycloak", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:optaplanner:::el6", ], defaultStatus: "affected", packageName: "serialize-javascript", product: "Red Hat build of OptaPlanner 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:jboss_data_grid:8", ], defaultStatus: "affected", packageName: "serialize-javascript", product: "Red Hat Data Grid 8", vendor: "Red Hat", }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:rhdh:1", ], defaultStatus: "affected", packageName: "rhdh-operator-container", product: "Red Hat Developer Hub", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhdh:1", ], defaultStatus: "affected", packageName: "rhdh/rhdh-hub-rhel9", product: "Red Hat Developer Hub", vendor: "Red Hat", }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:discovery:1", ], defaultStatus: "affected", packageName: "discovery-server-container", product: "Red Hat Discovery", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "dotnet6.0", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "dotnet8.0", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "grafana", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "pcs", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "dotnet6.0", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "dotnet7.0", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "dotnet8.0", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "unaffected", packageName: "pcs", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:jboss_fuse:7", ], defaultStatus: "affected", packageName: "serialize-javascript", product: "Red Hat Fuse 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:integration:1", ], defaultStatus: "unaffected", packageName: "serialize-javascript", product: "Red Hat Integration Camel K 1", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:jboss_enterprise_application_platform:7", ], defaultStatus: "unaffected", packageName: "serialize-javascript", product: "Red Hat JBoss Enterprise Application Platform 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:jboss_enterprise_application_platform:8", ], defaultStatus: "unaffected", packageName: "serialize-javascript", product: "Red Hat JBoss Enterprise Application Platform 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:jbosseapxp", ], defaultStatus: "unaffected", packageName: "serialize-javascript", product: "Red Hat JBoss Enterprise Application Platform Expansion Pack", vendor: "Red Hat", }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift_ai", ], defaultStatus: "unaffected", packageName: "odh-dashboard-container", product: "Red Hat OpenShift AI (RHOAI)", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_ai", ], defaultStatus: "affected", packageName: "odh-dashboard-rhel8", product: "Red Hat OpenShift AI (RHOAI)", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_ai", ], defaultStatus: "affected", packageName: "odh-data-science-pipelines-argo-argoexec-rhel8", product: "Red Hat OpenShift AI (RHOAI)", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_ai", ], defaultStatus: "affected", packageName: "odh-data-science-pipelines-argo-workflowcontroller-rhel8", product: "Red Hat OpenShift AI (RHOAI)", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_ai", ], defaultStatus: "affected", packageName: "odh-kf-notebook-controller-rhel8", product: "Red Hat OpenShift AI (RHOAI)", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_ai", ], defaultStatus: "affected", packageName: "odh-ml-pipelines-api-server-v2-rhel8", product: "Red Hat OpenShift AI (RHOAI)", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_ai", ], defaultStatus: "affected", packageName: "odh-ml-pipelines-driver-rhel8", product: "Red Hat OpenShift AI (RHOAI)", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_ai", ], defaultStatus: "affected", packageName: "odh-ml-pipelines-launcher-rhel8", product: "Red Hat OpenShift AI (RHOAI)", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_ai", ], defaultStatus: "affected", packageName: "odh-ml-pipelines-persistenceagent-v2-rhel8", product: "Red Hat OpenShift AI (RHOAI)", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_ai", ], defaultStatus: "affected", packageName: "odh-ml-pipelines-scheduledworkflow-v2-rhel8", product: "Red Hat OpenShift AI (RHOAI)", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_ai", ], defaultStatus: "affected", packageName: "odh-model-registry-rhel8", product: "Red Hat OpenShift AI (RHOAI)", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_ai", ], defaultStatus: "unaffected", packageName: "odh-notebook-controller-rhel8", product: "Red Hat OpenShift AI (RHOAI)", vendor: "Red Hat", }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift_ai", ], defaultStatus: "unaffected", packageName: "odh-operator-container", product: "Red Hat OpenShift AI (RHOAI)", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:3.11", ], defaultStatus: "affected", packageName: "openshift3/ose-console", product: "Red Hat OpenShift Container Platform 3.11", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "unaffected", packageName: "openshift4/ose-monitoring-plugin-rhel9", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_data_foundation:4", ], defaultStatus: "affected", packageName: "odf4/mcg-core-rhel8", product: "Red Hat Openshift Data Foundation 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_data_foundation:4", ], defaultStatus: "affected", packageName: "odf4/ocs-client-console-rhel9", product: "Red Hat Openshift Data Foundation 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_data_foundation:4", ], defaultStatus: "affected", packageName: "odf4/odf-console-rhel9", product: "Red Hat Openshift Data Foundation 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_data_foundation:4", ], defaultStatus: "affected", packageName: "odf4/odf-multicluster-console-rhel8", product: "Red Hat Openshift Data Foundation 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_devspaces:3:", ], defaultStatus: "affected", packageName: "devspaces/code-rhel8", product: "Red Hat OpenShift Dev Spaces", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_devspaces:3:", ], defaultStatus: "affected", packageName: "devspaces/dashboard-rhel8", product: "Red Hat OpenShift Dev Spaces", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_devspaces:3:", ], defaultStatus: "affected", packageName: "devspaces/traefik-rhel8", product: "Red Hat OpenShift Dev Spaces", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_distributed_tracing:3", ], defaultStatus: "unaffected", packageName: "rhosdt/jaeger-agent-rhel8", product: "Red Hat OpenShift distributed tracing 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_distributed_tracing:3", ], defaultStatus: "affected", packageName: "rhosdt/jaeger-all-in-one-rhel8", product: "Red Hat OpenShift distributed tracing 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_distributed_tracing:3", ], defaultStatus: "unaffected", packageName: "rhosdt/jaeger-collector-rhel8", product: "Red Hat OpenShift distributed tracing 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_distributed_tracing:3", ], defaultStatus: "unaffected", packageName: "rhosdt/jaeger-es-index-cleaner-rhel8", product: "Red Hat OpenShift distributed tracing 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_distributed_tracing:3", ], defaultStatus: "unaffected", packageName: "rhosdt/jaeger-es-rollover-rhel8", product: "Red Hat OpenShift distributed tracing 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_distributed_tracing:3", ], defaultStatus: "unaffected", packageName: "rhosdt/jaeger-ingester-rhel8", product: "Red Hat OpenShift distributed tracing 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_distributed_tracing:3", ], defaultStatus: "affected", packageName: "rhosdt/jaeger-query-rhel8", product: "Red Hat OpenShift distributed tracing 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", ], defaultStatus: "affected", packageName: "serialize-javascript", product: "Red Hat Process Automation 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:quay:3", ], defaultStatus: "affected", packageName: "quay/quay-rhel8", product: "Red Hat Quay 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:satellite:6", ], defaultStatus: "affected", packageName: "nodejs-compression-webpack-plugin", product: "Red Hat Satellite 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:satellite:6", ], defaultStatus: "affected", packageName: "nodejs-css-minimizer-webpack-plugin", product: "Red Hat Satellite 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:satellite:6", ], defaultStatus: "affected", packageName: "nodejs-uglifyjs-webpack-plugin", product: "Red Hat Satellite 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:satellite:6", ], defaultStatus: "affected", packageName: "nodejs-webpack", product: "Red Hat Satellite 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:red_hat_single_sign_on:7", ], defaultStatus: "affected", packageName: "serialize-javascript", product: "Red Hat Single Sign-On 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:trusted_profile_analyzer:1", ], defaultStatus: "affected", packageName: "rhtpa/rhtpa-trustification-service-rhel9", product: "Red Hat Trusted Profile Analyzer", vendor: "Red Hat", }, ], datePublic: "2024-09-16T00:00:00.000Z", descriptions: [ { lang: "en", value: "A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-31T18:33:07.877Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2025:1334", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1334", }, { name: "RHSA-2025:1468", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1468", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-11831", }, { name: "RHBZ#2312579", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312579", }, { url: "https://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e", }, { url: "https://github.com/yahoo/serialize-javascript/pull/173", }, ], timeline: [ { lang: "en", time: "2024-09-16T16:43:32.021000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-09-16T00:00:00+00:00", value: "Made public.", }, ], title: "Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-11831", datePublished: "2025-02-10T15:27:46.732Z", dateReserved: "2024-11-26T18:56:38.187Z", dateUpdated: "2025-03-31T18:33:07.877Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }