
    198 vulnerabilities by Stormshield

    CVE-2026-8482 (GCVE-0-2026-8482)

    Vulnerability from nvd – Published: 2026-07-02 08:42 – Updated: 2026-07-02 12:20
    VLAI
    Title
    Information leak in NSRPC client history
    Summary
    A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 (included), 4.8.0 to 4.8.15 (included), and 5.0.0 to 5.0.5 (included). There is a possible leak of secret information if administration commands have been passed with the CLI command-line tool. Someone with SSH access to the firewall (if SSH multiuser mode is enabled) could possibly obtain the proxy CA passphrase or TPM password.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of sensitive information into log file
    Assigner
    References
    Impacted products
    Vendor Product Version
    Stormshield Stormshield Network Security Affected: 4.3.0 , ≤ 4.3.41 (semver)
    Affected: 4.8.0 , ≤ 4.8.15 (semver)
    Affected: 5.0.0 , ≤ 5.0.5 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8482",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:20:06.574781Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:20:17.839Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Stormshield Network Security",
              "vendor": "Stormshield",
              "versions": [
                {
                  "lessThanOrEqual": "4.3.41",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.8.15",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.0.5",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 (included), 4.8.0 to 4.8.15 (included) , 5.0.0 to 5.0.5 (included)\n\u003cbr\u003eThere is a possible leak of secret information if administration commands have been passed with the CLI command line tool.\n\u003cbr\u003eSomeone with SSH access to the firewall (if SSH multiuser mode is enabled) could possibly get the proxy CA passphrase or TPM password.\u0026nbsp;\u003cbr\u003e"
                }
              ],
              "value": "A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 (included), 4.8.0 to 4.8.15 (included) , 5.0.0 to 5.0.5 (included)\n\nThere is a possible leak of secret information if administration commands have been passed with the CLI command line tool.\n\nSomeone with SSH access to the firewall (if SSH multiuser mode is enabled) could possibly get the proxy CA passphrase or TPM password."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of sensitive information into log file",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T08:42:56.777Z",
            "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
            "shortName": "airbus"
          },
          "references": [
            {
              "url": "https://advisories.stormshield.eu/2025-007/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following updates fix this vulnerability:\u003cbr\u003e\u003cul\u003e\u003cli\u003eSNS 5.0.6\n\u003c/li\u003e\u003cli\u003eSNS 4.8.16\n\u003c/li\u003e\u003cli\u003eSNS 4.3.42\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "The following updates fix this vulnerability:\n  *  SNS 5.0.6\n\n  *  SNS 4.8.16\n\n  *  SNS 4.3.42"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information leak in NSRPC client history",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "assignerShortName": "airbus",
        "cveId": "CVE-2026-8482",
        "datePublished": "2026-07-02T08:42:56.777Z",
        "dateReserved": "2026-05-13T14:04:22.661Z",
        "dateUpdated": "2026-07-02T12:20:17.839Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8480 (GCVE-0-2026-8480)

    Vulnerability from nvd – Published: 2026-07-01 14:52 – Updated: 2026-07-01 15:45
    VLAI
    Title
    Connection possible to the Administration portal with a revoked certificate
    Summary
    A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41 (included), 4.4.0 to 4.8.15 (included), and 5.0.2 EA to 5.0.5 (included). A revoked client certificate can still be used to authenticate to the captive-admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper certificate validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Stormshield Stormshield Network Security Affected: 4.3.0 , ≤ 4.3.41 (semver)
    Affected: 4.4.0 , ≤ 4.8.15 (semver)
    Affected: 5.0.2 EA , ≤ 5.0.5 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8480",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:44:58.262034Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:45:32.124Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Stormshield Network Security",
              "vendor": "Stormshield",
              "versions": [
                {
                  "lessThanOrEqual": "4.3.41",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.8.15",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.0.5",
                  "status": "affected",
                  "version": "5.0.2 EA",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability was discovered on Stormshield Network Security 4.3.0\u0026nbsp; to 4.3.41 (included), 4.4.0 to 4.8.15 (included) , 5.0.2 EA to 5.0.5 (included)\u003c/p\u003e\u003cp\u003eA revoked client certificate can still be used to authenticate to the captive\u2011admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access.\u003c/p\u003e\u003cbr\u003e"
                }
              ],
              "value": "A vulnerability was discovered on Stormshield Network Security 4.3.0\u00a0 to 4.3.41 (included), 4.4.0 to 4.8.15 (included) , 5.0.2 EA to 5.0.5 (included)\n\n\n\nA revoked client certificate can still be used to authenticate to the captive\u2011admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper certificate validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:52:12.815Z",
            "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
            "shortName": "airbus"
          },
          "references": [
            {
              "url": "https://advisories.stormshield.eu/2026-002/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following updates fix this vulnerability:\u003cbr\u003e\u003cul\u003e\u003cli\u003eSNS 5.0.6\n\u003c/li\u003e\u003cli\u003eSNS 4.8.16\n\u003c/li\u003e\u003cli\u003eSNS 4.3.42\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "The following updates fix this vulnerability:\n  *  SNS 5.0.6\n\n  *  SNS 4.8.16\n\n  *  SNS 4.3.42"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Connection possible to the Administration portal with a revoked certificate",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "assignerShortName": "airbus",
        "cveId": "CVE-2026-8480",
        "datePublished": "2026-07-01T14:52:12.815Z",
        "dateReserved": "2026-05-13T13:48:21.232Z",
        "dateUpdated": "2026-07-01T15:45:32.124Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8474 (GCVE-0-2026-8474)

    Vulnerability from nvd – Published: 2026-06-01 07:47 – Updated: 2026-06-01 13:05
    VLAI
    Title
    Possible to run a Cross Site Scripting request on the login API available on Stormshield SNS appliances.
    Summary
    A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41, 4.8.0 to 4.8.15, and 5.0.0 to 5.0.5. It is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliances by executing a script on the victim's machine. The risks include the theft of cookies or other sensitive data, as well as the modification of page behavior, for example by redirecting the victim to malicious websites.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    StormShield StormShield Network Security Affected: 4.3.0 , ≤ 4.3.41 (semver)
    Affected: 4.8.0 , ≤ 4.8.15 (semver)
    Affected: 5.0.0 , ≤ 5.0.5 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8474",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-01T13:05:31.957702Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-01T13:05:45.399Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "StormShield Network Security",
              "vendor": "StormShield",
              "versions": [
                {
                  "lessThanOrEqual": "4.3.41",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.8.15",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.0.5",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability was discovered on Stormshield Network Security\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e4.3.0 to 4.3.41,\u0026nbsp;\u003c/li\u003e\u003cli\u003e4.8.0 to 4.8.15,\u0026nbsp;\u003c/li\u003e\u003cli\u003e5.0.0 to 5.0.5\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eIt is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the victim\u0027s machine. The risks include the theft of cookies or other sensitive data, as well as the modification of page behavior, for example, by redirecting the victim to malicious websites.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability was discovered on Stormshield Network Security\u00a0\n\n\n\n\n\n  *  4.3.0 to 4.3.41,\u00a0\n  *  4.8.0 to 4.8.15,\u00a0\n  *  5.0.0 to 5.0.5\n\n\n\n\n\n\n\n\nIt is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the victim\u0027s machine. The risks include the theft of cookies or other sensitive data, as well as the modification of page behavior, for example, by redirecting the victim to malicious websites."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T07:50:04.199Z",
            "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
            "shortName": "airbus"
          },
          "references": [
            {
              "url": "https://advisories.stormshield.eu/2026-003/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe following updates fix this vulnerability:\u003c/p\u003e\u003cul\u003e\u003cli\u003eSNS 5.0.6\u003c/li\u003e\u003cli\u003eSNS 4.8.16\u003c/li\u003e\u003cli\u003eSNS 4.3.42\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "The following updates fix this vulnerability:\n\n  *  SNS 5.0.6\n  *  SNS 4.8.16\n  *  SNS 4.3.42"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Possible to run a Cross Site Scripting request on the login API available on Stormshield SNS appliances.",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "assignerShortName": "airbus",
        "cveId": "CVE-2026-8474",
        "datePublished": "2026-06-01T07:47:54.875Z",
        "dateReserved": "2026-05-13T13:10:26.492Z",
        "dateUpdated": "2026-06-01T13:05:45.399Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-48707 (GCVE-0-2025-48707)

    Vulnerability from nvd – Published: 2025-09-25 00:00 – Updated: 2025-09-26 20:05
    VLAI
    Summary
    An issue was discovered in Stormshield Network Security (SNS) before 5.0.1. TPM authentication information could, in some HA use cases, be shared among administrators, which can result in a secret being disclosed to administrators who should not hold it.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-284 - Improper Access Control
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48707",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-26T20:04:34.034705Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-26T20:05:50.435Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Stormshield Network Security (SNS) before 5.0.1. TPM authentication information could, in some HA use cases, be shared among administrators, which can cause secret sharing."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-25T17:49:42.268Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://advisories.stormshield.eu/2025-003/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-48707",
        "datePublished": "2025-09-25T00:00:00.000Z",
        "dateReserved": "2025-05-23T00:00:00.000Z",
        "dateUpdated": "2025-09-26T20:05:50.435Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-8482 (GCVE-0-2026-8482)

    Vulnerability from cvelistv5 – Published: 2026-07-02 08:42 – Updated: 2026-07-02 12:20
    VLAI
    Title
    Information leak in NSRPC client history
    Summary
    A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 (included), 4.8.0 to 4.8.15 (included), and 5.0.0 to 5.0.5 (included). There is a possible leak of secret information if administration commands have been passed with the CLI command-line tool. Someone with SSH access to the firewall (if SSH multiuser mode is enabled) could possibly obtain the proxy CA passphrase or TPM password.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of sensitive information into log file
    Assigner
    References
    Impacted products
    Vendor Product Version
    Stormshield Stormshield Network Security Affected: 4.3.0 , ≤ 4.3.41 (semver)
    Affected: 4.8.0 , ≤ 4.8.15 (semver)
    Affected: 5.0.0 , ≤ 5.0.5 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8482",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:20:06.574781Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:20:17.839Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Stormshield Network Security",
              "vendor": "Stormshield",
              "versions": [
                {
                  "lessThanOrEqual": "4.3.41",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.8.15",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.0.5",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 (included), 4.8.0 to 4.8.15 (included) , 5.0.0 to 5.0.5 (included)\n\u003cbr\u003eThere is a possible leak of secret information if administration commands have been passed with the CLI command line tool.\n\u003cbr\u003eSomeone with SSH access to the firewall (if SSH multiuser mode is enabled) could possibly get the proxy CA passphrase or TPM password.\u0026nbsp;\u003cbr\u003e"
                }
              ],
              "value": "A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 (included), 4.8.0 to 4.8.15 (included) , 5.0.0 to 5.0.5 (included)\n\nThere is a possible leak of secret information if administration commands have been passed with the CLI command line tool.\n\nSomeone with SSH access to the firewall (if SSH multiuser mode is enabled) could possibly get the proxy CA passphrase or TPM password."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of sensitive information into log file",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T08:42:56.777Z",
            "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
            "shortName": "airbus"
          },
          "references": [
            {
              "url": "https://advisories.stormshield.eu/2025-007/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following updates fix this vulnerability:\u003cbr\u003e\u003cul\u003e\u003cli\u003eSNS 5.0.6\n\u003c/li\u003e\u003cli\u003eSNS 4.8.16\n\u003c/li\u003e\u003cli\u003eSNS 4.3.42\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "The following updates fix this vulnerability:\n  *  SNS 5.0.6\n\n  *  SNS 4.8.16\n\n  *  SNS 4.3.42"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information leak in NSRPC client history",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "assignerShortName": "airbus",
        "cveId": "CVE-2026-8482",
        "datePublished": "2026-07-02T08:42:56.777Z",
        "dateReserved": "2026-05-13T14:04:22.661Z",
        "dateUpdated": "2026-07-02T12:20:17.839Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8480 (GCVE-0-2026-8480)

    Vulnerability from cvelistv5 – Published: 2026-07-01 14:52 – Updated: 2026-07-01 15:45
    Title
    Connection possible to the Administration portal with a revoked certificate
    Summary
    A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41 (included), 4.4.0 to 4.8.15 (included), 5.0.2 EA to 5.0.5 (included). A revoked client certificate can still be used to authenticate to the captive-admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper certificate validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Stormshield Stormshield Network Security Affected: 4.3.0 , ≤ 4.3.41 (semver)
    Affected: 4.4.0 , ≤ 4.8.15 (semver)
    Affected: 5.0.2 EA , ≤ 5.0.5 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8480",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:44:58.262034Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:45:32.124Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Stormshield Network Security",
              "vendor": "Stormshield",
              "versions": [
                {
                  "lessThanOrEqual": "4.3.41",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.8.15",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.0.5",
                  "status": "affected",
                  "version": "5.0.2 EA",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability was discovered on Stormshield Network Security 4.3.0\u0026nbsp; to 4.3.41 (included), 4.4.0 to 4.8.15 (included) , 5.0.2 EA to 5.0.5 (included)\u003c/p\u003e\u003cp\u003eA revoked client certificate can still be used to authenticate to the captive\u2011admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access.\u003c/p\u003e\u003cbr\u003e"
                }
              ],
              "value": "A vulnerability was discovered on Stormshield Network Security 4.3.0\u00a0 to 4.3.41 (included), 4.4.0 to 4.8.15 (included) , 5.0.2 EA to 5.0.5 (included)\n\n\n\nA revoked client certificate can still be used to authenticate to the captive\u2011admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper certificate validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:52:12.815Z",
            "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
            "shortName": "airbus"
          },
          "references": [
            {
              "url": "https://advisories.stormshield.eu/2026-002/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following updates fix this vulnerability:\u003cbr\u003e\u003cul\u003e\u003cli\u003eSNS 5.0.6\n\u003c/li\u003e\u003cli\u003eSNS 4.8.16\n\u003c/li\u003e\u003cli\u003eSNS 4.3.42\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "The following updates fix this vulnerability:\n  *  SNS 5.0.6\n\n  *  SNS 4.8.16\n\n  *  SNS 4.3.42"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Connection possible to the Administration portal with a revoked certificate",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "assignerShortName": "airbus",
        "cveId": "CVE-2026-8480",
        "datePublished": "2026-07-01T14:52:12.815Z",
        "dateReserved": "2026-05-13T13:48:21.232Z",
        "dateUpdated": "2026-07-01T15:45:32.124Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8474 (GCVE-0-2026-8474)

    Vulnerability from cvelistv5 – Published: 2026-06-01 07:47 – Updated: 2026-06-01 13:05
    Title
    Possible to run a Cross Site Scripting request on the login API available on Stormshield SNS appliances.
    Summary
    A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41, 4.8.0 to 4.8.15, and 5.0.0 to 5.0.5. It is possible to execute a reflected XSS attack on the login API available on a Stormshield SNS appliance by executing a script on the victim's machine. The risks include the theft of cookies or other sensitive data, as well as the modification of page behavior, for example by redirecting the victim to malicious websites.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    StormShield StormShield Network Security Affected: 4.3.0 , ≤ 4.3.41 (semver)
    Affected: 4.8.0 , ≤ 4.8.15 (semver)
    Affected: 5.0.0 , ≤ 5.0.5 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8474",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-01T13:05:31.957702Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-01T13:05:45.399Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "StormShield Network Security",
              "vendor": "StormShield",
              "versions": [
                {
                  "lessThanOrEqual": "4.3.41",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.8.15",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.0.5",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability was discovered on Stormshield Network Security\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e4.3.0 to 4.3.41,\u0026nbsp;\u003c/li\u003e\u003cli\u003e4.8.0 to 4.8.15,\u0026nbsp;\u003c/li\u003e\u003cli\u003e5.0.0 to 5.0.5\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eIt is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the victim\u0027s machine. The risks include the theft of cookies or other sensitive data, as well as the modification of page behavior, for example, by redirecting the victim to malicious websites.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability was discovered on Stormshield Network Security\u00a0\n\n\n\n\n\n  *  4.3.0 to 4.3.41,\u00a0\n  *  4.8.0 to 4.8.15,\u00a0\n  *  5.0.0 to 5.0.5\n\n\n\n\n\n\n\n\nIt is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the victim\u0027s machine. The risks include the theft of cookies or other sensitive data, as well as the modification of page behavior, for example, by redirecting the victim to malicious websites."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T07:50:04.199Z",
            "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
            "shortName": "airbus"
          },
          "references": [
            {
              "url": "https://advisories.stormshield.eu/2026-003/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe following updates fix this vulnerability:\u003c/p\u003e\u003cul\u003e\u003cli\u003eSNS 5.0.6\u003c/li\u003e\u003cli\u003eSNS 4.8.16\u003c/li\u003e\u003cli\u003eSNS 4.3.42\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "The following updates fix this vulnerability:\n\n  *  SNS 5.0.6\n  *  SNS 4.8.16\n  *  SNS 4.3.42"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Possible to run a Cross Site Scripting request on the login API available on Stormshield SNS appliances.",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "assignerShortName": "airbus",
        "cveId": "CVE-2026-8474",
        "datePublished": "2026-06-01T07:47:54.875Z",
        "dateReserved": "2026-05-13T13:10:26.492Z",
        "dateUpdated": "2026-06-01T13:05:45.399Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-48707 (GCVE-0-2025-48707)

    Vulnerability from cvelistv5 – Published: 2025-09-25 00:00 – Updated: 2025-09-26 20:05
    Summary
    An issue was discovered in Stormshield Network Security (SNS) before 5.0.1. TPM authentication information could, in some high-availability (HA) use cases, be shared among administrators, so that a secret intended for one administrator is disclosed to others.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-284 - Improper Access Control
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48707",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-26T20:04:34.034705Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-26T20:05:50.435Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Stormshield Network Security (SNS) before 5.0.1. TPM authentication information could, in some HA use cases, be shared among administrators, which can cause secret sharing."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-25T17:49:42.268Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://advisories.stormshield.eu/2025-003/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-48707",
        "datePublished": "2025-09-25T00:00:00.000Z",
        "dateReserved": "2025-05-23T00:00:00.000Z",
        "dateUpdated": "2025-09-26T20:05:50.435Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CERTFR-2026-AVI-0816

    Vulnerability from certfr_avis - Published: 2026-06-29 - Updated: 2026-06-29

    De multiples vulnérabilités ont été découvertes dans Stormshield Management Center. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Stormshield Stormshield Management Center Stormshield Management Center versions antérieures à 3.9.2
    References
    Bulletin de sécurité StormShield 2026-012 2026-06-29 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Stormshield Management Center versions ant\u00e9rieures \u00e0 3.9.2",
          "product": {
            "name": "Stormshield Management Center",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-6637",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6637"
        },
        {
          "name": "CVE-2026-6473",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6473"
        },
        {
          "name": "CVE-2026-6638",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6638"
        },
        {
          "name": "CVE-2026-6475",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6475"
        },
        {
          "name": "CVE-2026-6477",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6477"
        }
      ],
      "initial_release_date": "2026-06-29T00:00:00",
      "last_revision_date": "2026-06-29T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0816",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-06-29T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Stormshield Management Center. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Stormshield Management Center",
      "vendor_advisories": [
        {
          "published_at": "2026-06-29",
          "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2026-012",
          "url": "https://advisories.stormshield.eu/2026-012"
        }
      ]
    }

    CERTFR-2026-AVI-0723

    Vulnerability from certfr_avis - Published: 2026-06-10 - Updated: 2026-06-10

    Une vulnérabilité a été découverte dans Stormshield Network Security. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Stormshield Stormshield Network Security SNS versions 5.x antérieures à 5.0.6
    References
    Bulletin de sécurité StormShield 2026-011 2026-06-09 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "SNS versions 5.x ant\u00e9rieures \u00e0 5.0.6",
          "product": {
            "name": "Stormshield Network Security",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-31790",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31790"
        }
      ],
      "initial_release_date": "2026-06-10T00:00:00",
      "last_revision_date": "2026-06-10T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0723",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-06-10T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Stormshield Network Security. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
      "title": "Vuln\u00e9rabilit\u00e9 dans Stormshield Network Security",
      "vendor_advisories": [
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2026-011",
          "url": "https://advisories.stormshield.eu/2026-011"
        }
      ]
    }

    CERTFR-2026-AVI-0631

    Vulnerability from certfr_avis - Published: 2026-05-22 - Updated: 2026-05-22

    Une vulnérabilité a été découverte dans Stormshield Network Security (SNS). Elle permet à un attaquant de provoquer un déni de service à distance.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Stormshield Stormshield Network Security SNS versions 5.x antérieures à 5.0.6
    Stormshield Stormshield Network Security SNS versions 4.4.x à 4.8.x antérieures à 4.8.16
    Stormshield Stormshield Network Security SNS versions 4.3.x antérieures à 4.3.43
    References
    Bulletin de sécurité StormShield 2026-010 2026-05-21 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "SNS versions 5.x ant\u00e9rieures \u00e0 5.0.6",
          "product": {
            "name": "Stormshield Network Security",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        },
        {
          "description": "SNS versions 4.4.x \u00e0 4.8.x ant\u00e9rieures \u00e0 4.8.16",
          "product": {
            "name": "Stormshield Network Security",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        },
        {
          "description": "SNS versions 4.3.x ant\u00e9rieures \u00e0 4.3.43",
          "product": {
            "name": "Stormshield Network Security",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-9086",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
        }
      ],
      "initial_release_date": "2026-05-22T00:00:00",
      "last_revision_date": "2026-05-22T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0631",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-05-22T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Stormshield Network Security (SNS). Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
      "title": "Vuln\u00e9rabilit\u00e9 dans Stormshield Network Security",
      "vendor_advisories": [
        {
          "published_at": "2026-05-21",
          "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2026-010",
          "url": "https://advisories.stormshield.eu/2026-010"
        }
      ]
    }

    CERTFR-2026-AVI-0483

    Vulnerability from certfr_avis - Published: 2026-04-23 - Updated: 2026-04-23

    De multiples vulnérabilités ont été découvertes dans Stormshield Management Center. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Stormshield Stormshield Management Center Stormshield Management Center versions antérieures à 3.9.1
    References


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Stormshield Management Center versions ant\u00e9rieures \u00e0 3.9.1",
          "product": {
            "name": "Stormshield Management Center",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-2006",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2006"
        },
        {
          "name": "CVE-2026-2005",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2005"
        },
        {
          "name": "CVE-2026-22795",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
        },
        {
          "name": "CVE-2026-21717",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21717"
        },
        {
          "name": "CVE-2025-69421",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
        },
        {
          "name": "CVE-2026-22796",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
        },
        {
          "name": "CVE-2025-68160",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
        },
        {
          "name": "CVE-2026-21713",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21713"
        },
        {
          "name": "CVE-2025-11187",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
        },
        {
          "name": "CVE-2026-2003",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2003"
        }
      ],
      "initial_release_date": "2026-04-23T00:00:00",
      "last_revision_date": "2026-04-23T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0483",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-04-23T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Stormshield Management Center. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Stormshield Management Center",
      "vendor_advisories": [
        {
          "published_at": "2026-04-22",
          "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2026-008",
          "url": "https://advisories.stormshield.eu/2026-008"
        },
        {
          "published_at": "2026-04-22",
          "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2026-005",
          "url": "https://advisories.stormshield.eu/2026-005"
        },
        {
          "published_at": "2026-04-22",
          "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2026-004",
          "url": "https://advisories.stormshield.eu/2026-004"
        },
        {
          "published_at": "2026-04-22",
          "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2026-009",
          "url": "https://advisories.stormshield.eu/2026-009"
        }
      ]
    }

    CERTFR-2026-AVI-0259

    Vulnerability from certfr_avis - Published: 2026-03-11 - Updated: 2026-03-11

    De multiples vulnérabilités ont été découvertes dans Stormshield Network Security. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Stormshield Stormshield Network Security SNS versions 4.4.x à 4.8.x antérieures à 4.8.15
    Stormshield Stormshield Network Security SNS versions 4.3.x antérieures à 4.3.42
    Stormshield Stormshield Network Security SNS versions 5.0.x antérieures à 5.0.5
    References
    Bulletin de sécurité StormShield 2026-001 2026-02-26 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "SNS versions 4.4.x \u00e0 4.8.x ant\u00e9rieures \u00e0 4.8.15",
          "product": {
            "name": "Stormshield Network Security",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        },
        {
          "description": "SNS versions 4.3.x ant\u00e9rieures \u00e0 4.3.42",
          "product": {
            "name": "Stormshield Network Security",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        },
        {
          "description": "SNS versions 5.0.x ant\u00e9rieures \u00e0 5.0.5",
          "product": {
            "name": "Stormshield Network Security",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2024-13176",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
        },
        {
          "name": "CVE-2025-68160",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
        },
        {
          "name": "CVE-2025-69418",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
        }
      ],
      "initial_release_date": "2026-03-11T00:00:00",
      "last_revision_date": "2026-03-11T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0259",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-03-11T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Stormshield Network Security. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Stormshield Network Security",
      "vendor_advisories": [
        {
          "published_at": "2026-02-26",
          "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2026-001",
          "url": "https://advisories.stormshield.eu/2026-001"
        }
      ]
    }

    CERTFR-2026-AVI-0219

    Vulnerability from certfr_avis - Published: 2026-02-27 - Updated: 2026-02-27

    Une vulnérabilité a été découverte dans Stormshield Network Security. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Stormshield Stormshield Network Security Stormshield Network Security versions antérieures à 5.0.5
    References
    Bulletin de sécurité StormShield 2025-011 2026-02-26 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": " Stormshield Network Security versions ant\u00e9rieures \u00e0 5.0.5",
          "product": {
            "name": "Stormshield Network Security",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [],
      "initial_release_date": "2026-02-27T00:00:00",
      "last_revision_date": "2026-02-27T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0219",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-02-27T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Stormshield Network Security. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
      "title": "Vuln\u00e9rabilit\u00e9 dans Stormshield Network Security",
      "vendor_advisories": [
        {
          "published_at": "2026-02-26",
          "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2025-011",
          "url": "https://advisories.stormshield.eu/2025-011/"
        }
      ]
    }

    CERTFR-2026-AVI-0007

    Vulnerability from certfr_avis - Published: 2026-01-06 - Updated: 2026-01-06

    Une vulnérabilité a été découverte dans Stormshield Network Security. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Stormshield Stormshield Network Security Stormshield Network Security (SNS) versions 5.0.x antérieures à 5.0.4
    References
    Bulletin de sécurité StormShield 2025-010 2026-01-06 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Stormshield Network Security (SNS) versions 5.0.x ant\u00e9rieures \u00e0 5.0.4",
          "product": {
            "name": "Stormshield Network Security",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-31115",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-31115"
        }
      ],
      "initial_release_date": "2026-01-06T00:00:00",
      "last_revision_date": "2026-01-06T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0007",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-01-06T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Stormshield Network Security. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.",
      "title": "Vuln\u00e9rabilit\u00e9 dans Stormshield Network Security",
      "vendor_advisories": [
        {
          "published_at": "2026-01-06",
          "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2025-010",
          "url": "https://advisories.stormshield.eu/2025-010"
        }
      ]
    }

    CERTFR-2025-AVI-1053

    Vulnerability from certfr_avis - Published: 2025-12-01 - Updated: 2025-12-01

    Une vulnérabilité a été découverte dans Stormshield Network VPN Client. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Stormshield Stormshield Network VPN Client Stormshield Network VPN Client version 7.5.109
    References
    Bulletin de sécurité StormShield 2025-006 2025-11-27 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Stormshield Network VPN Client version 7.5.109",
          "product": {
            "name": "Stormshield Network VPN Client",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-11955",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-11955"
        }
      ],
      "initial_release_date": "2025-12-01T00:00:00",
      "last_revision_date": "2025-12-01T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-1053",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-12-01T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Stormshield Network VPN Client. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
      "title": "Vuln\u00e9rabilit\u00e9 dans Stormshield Network VPN Client",
      "vendor_advisories": [
        {
          "published_at": "2025-11-27",
          "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2025-006",
          "url": "https://advisories.stormshield.eu/2025-006"
        }
      ]
    }

    CERTFR-2025-AVI-0816

    Vulnerability from certfr_avis - Published: 2025-09-25 - Updated: 2025-09-25

    Une vulnérabilité a été découverte dans StormShield Network Security. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Stormshield Stormshield Network Security StormShield Network Security versions 4.7.x et 4.8.x antérieures à 4.8.12
    Stormshield Stormshield Network Security StormShield Network Security versions 5.0.x antérieures à 5.0.1
    Stormshield Stormshield Network Security StormShield Network Security versions 4.3.x antérieures à 4.3.40
    References
    Bulletin de sécurité StormShield 2025-003 2025-09-24 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "StormShield Network Security versions 4.7.x et 4.8.x ant\u00e9rieures \u00e0 4.8.12",
          "product": {
            "name": "Stormshield Network Security",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        },
        {
          "description": "StormShield Network Security versions 5.0.x ant\u00e9rieures \u00e0 5.0.1",
          "product": {
            "name": "Stormshield Network Security",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        },
        {
          "description": "StormShield Network Security versions 4.3.x ant\u00e9rieures \u00e0 4.3.40",
          "product": {
            "name": "Stormshield Network Security",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-48707",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48707"
        }
      ],
      "initial_release_date": "2025-09-25T00:00:00",
      "last_revision_date": "2025-09-25T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0816",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-09-25T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans StormShield Network Security. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Vuln\u00e9rabilit\u00e9 dans StormShield Network Security",
      "vendor_advisories": [
        {
          "published_at": "2025-09-24",
          "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2025-003",
          "url": "https://advisories.stormshield.eu/2025-003/"
        }
      ]
    }

    CERTFR-2025-AVI-0488

    Vulnerability from certfr_avis - Published: - Updated:

    Une vulnérabilité a été découverte dans Stormshield Network Security. Elle permet à un attaquant de provoquer un déni de service à distance.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Stormshield Stormshield Network Security Stormshield Network Security versions 4.3.x antérieures à 4.3.37
    Stormshield Stormshield Network Security Stormshield Network Security versions antérieures à 5.0.0
    Stormshield Stormshield Network Security Stormshield Network Security versions 4.7.x et 4.8.x antérieures à 4.8.9
    References
    Bulletin de sécurité StormShield 2024-029 2025-06-10 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Stormshield Network Security versions 4.3.x ant\u00e9rieures \u00e0 4.3.37",
          "product": {
            "name": "Stormshield Network Security",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        },
        {
          "description": "Stormshield Network Security versions ant\u00e9rieures \u00e0 5.0.0",
          "product": {
            "name": "Stormshield Network Security",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        },
        {
          "description": "Stormshield Network Security versions 4.7.x et 4.8.x ant\u00e9rieures \u00e0 4.8.9",
          "product": {
            "name": "Stormshield Network Security",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2024-44078",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-44078"
        }
      ],
      "links": [],
      "reference": "CERTFR-2025-AVI-0488",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-06-11T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Stormshield Network Security. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
      "title": "Vuln\u00e9rabilit\u00e9 dans Stormshield Network Security",
      "vendor_advisories": [
        {
          "published_at": "2025-06-10",
          "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2024-029",
          "url": "https://advisories.stormshield.eu/2024-029/"
        }
      ]
    }

    CERTFR-2025-AVI-0250

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans StormShield Network Security. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Stormshield Stormshield Network Security IPMI SN6100 versions antérieures à 1.86
    References
    Bulletin de sécurité StormShield 2023-033 2025-03-27 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "IPMI SN6100 versions ant\u00e9rieures \u00e0 1.86",
          "product": {
            "name": "Stormshield Network Security",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2021-26733",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-26733"
        },
        {
          "name": "CVE-2021-26730",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-26730"
        },
        {
          "name": "CVE-2021-26731",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-26731"
        },
        {
          "name": "CVE-2021-26732",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-26732"
        },
        {
          "name": "CVE-2021-26729",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-26729"
        },
        {
          "name": "CVE-2021-44776",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44776"
        },
        {
          "name": "CVE-2021-26728",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-26728"
        },
        {
          "name": "CVE-2021-44467",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44467"
        },
        {
          "name": "CVE-2021-26727",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-26727"
        }
      ],
      "links": [],
      "reference": "CERTFR-2025-AVI-0250",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-03-28T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans StormShield Network Security. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans StormShield Network Security",
      "vendor_advisories": [
        {
          "published_at": "2025-03-27",
          "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2023-033",
          "url": "https://advisories.stormshield.eu/2023-033"
        }
      ]
    }

    CERTFR-2025-AVI-0249

    Vulnerability from certfr_avis - Published: - Updated:

    Une vulnérabilité a été découverte dans StormShield Network Security. Elle permet à un attaquant de provoquer un déni de service à distance.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Stormshield Stormshield Network Security StormShield Network Security versions 4.3.x antérieures à 4.3.35
    References
    Bulletin de sécurité StormShield 2025-002 2025-03-27 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "StormShield Network Security versions 4.3.x ant\u00e9rieures \u00e0 4.3.35",
          "product": {
            "name": "Stormshield Network Security",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-27829",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27829"
        }
      ],
      "links": [],
      "reference": "CERTFR-2025-AVI-0249",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-03-27T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans StormShield Network Security. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
      "title": "Vuln\u00e9rabilit\u00e9 dans StormShield Network Security",
      "vendor_advisories": [
        {
          "published_at": "2025-03-27",
          "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2025-002",
          "url": "https://advisories.stormshield.eu/2025-002/"
        }
      ]
    }

    CERTFR-2024-AVI-1089

    Vulnerability from certfr_avis - Published: - Updated:

    Une vulnérabilité a été découverte dans Stormshield Management Center. Elle permet à un attaquant de provoquer un déni de service à distance.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Stormshield Stormshield Management Center Stormshield Management Center (SMC) versions antérieures à 3.7.0
    References
    Bulletin de sécurité StormShield 2024-32 2024-12-17 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Stormshield Management Center (SMC) versions ant\u00e9rieures \u00e0 3.7.0",
          "product": {
            "name": "Stormshield Management Center",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2024-45590",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
        }
      ],
      "links": [],
      "reference": "CERTFR-2024-AVI-1089",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2024-12-17T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Stormshield Stormshield Management Center. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
      "title": "Vuln\u00e9rabilit\u00e9 dans les produits StormShield Management Center",
      "vendor_advisories": [
        {
          "published_at": "2024-12-17",
          "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2024-32",
          "url": "https://advisories.stormshield.eu/2024-32"
        }
      ]
    }

    CERTFR-2024-AVI-0985

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans Stormshield Network Security. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Stormshield Stormshield Network Security Stormshield Network Security versions 4.8.x antérieures à 4.8.4
    Stormshield Stormshield Network Security Stormshield Network Security versions antérieures à 4.3.32
    References


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Stormshield Network Security versions 4.8.x ant\u00e9rieures \u00e0 4.8.4",
          "product": {
            "name": "Stormshield Network Security",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        },
        {
          "description": "Stormshield Network Security versions ant\u00e9rieures \u00e0 4.3.32",
          "product": {
            "name": "Stormshield Network Security",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2024-44077",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-44077"
        },
        {
          "name": "CVE-2024-20505",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-20505"
        }
      ],
      "links": [],
      "reference": "CERTFR-2024-AVI-0985",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2024-11-14T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Stormshield Network Security. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Stormshield Network Security",
      "vendor_advisories": [
        {
          "published_at": "2024-11-13",
          "title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2024-028",
          "url": "https://advisories.stormshield.eu/2024-028/"
        },
        {
          "published_at": "2024-11-13",
          "title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2024-034",
          "url": "https://advisories.stormshield.eu/2024-034"
        }
      ]
    }

    CERTFR-2024-AVI-0804

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans les produits Stormshield. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données et un contournement de la politique de sécurité.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Stormshield Stormshield Network Security Stormshield Network Security versions 4.4.x à 4.7.x antérieures à 4.7.9
    Stormshield Stormshield Network Security Stormshield Network Security versions antérieures à 4.3.30
    Stormshield Stormshield Network Security Stormshield Network Security versions 4.8.x antérieures à 4.8.3
    Stormshield Stormshield Network VPN Client Stormshield VPN Client Exclusive sans le correctif de sécurité EC VULN IS 1986
    Stormshield Stormshield Network VPN Client Stormshield VPN Client Standard sans le correctif de sécurité VULN EC IS 1992
    References


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Stormshield Network Security versions 4.4.x \u00e0 4.7.x ant\u00e9rieures \u00e0 4.7.9",
          "product": {
            "name": "Stormshield Network Security",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        },
        {
          "description": "Stormshield Network Security versions ant\u00e9rieures \u00e0 4.3.30",
          "product": {
            "name": "Stormshield Network Security",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        },
        {
          "description": "Stormshield Network Security versions 4.8.x ant\u00e9rieures \u00e0 4.8.3",
          "product": {
            "name": "Stormshield Network Security",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        },
        {
          "description": "Stormshield VPN Client Exclusive  sans le correctif de s\u00e9curit\u00e9 EC VULN IS 1986",
          "product": {
            "name": "Stormshield Network VPN Client",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        },
        {
          "description": "Stormshield VPN Client Standard sans le correctif de s\u00e9curit\u00e9 VULN EC IS 1992",
          "product": {
            "name": "Stormshield Network VPN Client",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2024-39706",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-39706"
        },
        {
          "name": "CVE-2024-45750",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45750"
        },
        {
          "name": "CVE-2024-3596",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
        }
      ],
      "links": [],
      "reference": "CERTFR-2024-AVI-0804",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2024-09-25T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Stormshield. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Stormshield Network Security",
      "vendor_advisories": [
        {
          "published_at": "2024-09-24",
          "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2024-030",
          "url": "https://advisories.stormshield.eu/2024-030/"
        },
        {
          "published_at": "2024-09-25",
          "title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2024-031",
          "url": "https://advisories.stormshield.eu/2024-031/"
        },
        {
          "published_at": "2024-09-24",
          "title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2024-024",
          "url": "https://advisories.stormshield.eu/2024-024/"
        }
      ]
    }

    CERTFR-2024-AVI-0650

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans Stormshield Management Center. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Stormshield Stormshield Management Center Stormshield Management Center (SMC) versions antérieures à 3.6.0
    References
    Bulletin de sécurité StormShield 2024-01 2024-01-22 vendor-advisory
    Bulletin de sécurité StormShield 2024-027 2024-07-05 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Stormshield Management Center (SMC) versions ant\u00e9rieures \u00e0 3.6.0",
          "product": {
            "name": "Stormshield Management Center",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2023-48795",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
        },
        {
          "name": "CVE-2024-6387",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-6387"
        }
      ],
      "links": [],
      "reference": "CERTFR-2024-AVI-0650",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2024-08-05T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Stormshield Management Center. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Stormshield Management Center ",
      "vendor_advisories": [
        {
          "published_at": "2024-01-22",
          "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2024-01",
          "url": "https://advisories.stormshield.eu/2024-01"
        },
        {
          "published_at": "2024-07-05",
          "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2024-027",
          "url": "https://advisories.stormshield.eu/2024-027"
        }
      ]
    }

    CERTFR-2024-AVI-0635

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans StormShield Management Center. Elles permettent à un attaquant de provoquer un déni de service à distance.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Stormshield Stormshield Management Center Management Center versions antérieures à 3.6.0
    References


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Management Center versions ant\u00e9rieures \u00e0 3.6.0",
          "product": {
            "name": "Stormshield Management Center",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2023-6237",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
        },
        {
          "name": "CVE-2024-4603",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
        },
        {
          "name": "CVE-2023-5678",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
        }
      ],
      "links": [],
      "reference": "CERTFR-2024-AVI-0635",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2024-07-30T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans StormShield Management Center. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans StormShield Management Center",
      "vendor_advisories": [
        {
          "published_at": "2024-07-30",
          "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2024-022",
          "url": "https://advisories.stormshield.eu/2024-022"
        },
        {
          "published_at": "2024-07-30",
          "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2024-23",
          "url": "https://advisories.stormshield.eu/2024-23"
        },
        {
          "published_at": "2024-07-30",
          "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2023-036",
          "url": "https://advisories.stormshield.eu/2023-036"
        }
      ]
    }

    CERTFR-2024-AVI-0586

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans les produits Stormshield. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Stormshield Stormshield Network Security Stormshield Network Security versions 3.7.x antérieures à 3.7.42
    Stormshield Stormshield Network Security Stormshield Network Security versions 4.x antérieures à 4.3.27
    Stormshield Stormshield Network Security Stormshield Network Security versions ultérieures à 4.4.0 et antérieures à 4.7.6
    Stormshield Stormshield Network Security Stormshield Network Security versions 3.1x.x antérieures à 3.11.30
    Stormshield Stormshield Network Security Stormshield Network Security versions 4.8.x antérieures à 4.8.1
    References


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Stormshield Network Security versions 3.7.x ant\u00e9rieures \u00e0 3.7.42",
          "product": {
            "name": "Stormshield Network Security",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        },
        {
          "description": "Stormshield Network Security versions 4.x ant\u00e9rieures \u00e0 4.3.27",
          "product": {
            "name": "Stormshield Network Security",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        },
        {
          "description": "Stormshield Network Security versions ult\u00e9rieures \u00e0 4.4.0 et ant\u00e9rieures \u00e0 4.7.6",
          "product": {
            "name": "Stormshield Network Security",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        },
        {
          "description": "Stormshield Network Security versions 3.1x.x ant\u00e9rieures \u00e0 3.11.30",
          "product": {
            "name": "Stormshield Network Security",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        },
        {
          "description": "Stormshield Network Security versions 4.8.x ant\u00e9rieures \u00e0 4.8.1",
          "product": {
            "name": "Stormshield Network Security",
            "vendor": {
              "name": "Stormshield",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2024-31946",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-31946"
        },
        {
          "name": "CVE-2024-37386",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-37386"
        },
        {
          "name": "CVE-2022-47522",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-47522"
        }
      ],
      "links": [],
      "reference": "CERTFR-2024-AVI-0586",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2024-07-16T00:00:00.000000"
        },
        {
          "description": "Suppression de la CVE-2024-3094 non applicable",
          "revision_date": "2024-08-21T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Stormshield. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une injection de code indirecte \u00e0 distance (XSS) et un contournement de la politique de s\u00e9curit\u00e9.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Stormshield",
      "vendor_advisories": [
        {
          "published_at": "2024-05-28",
          "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2024-017",
          "url": "https://advisories.stormshield.eu/2024-017/"
        },
        {
          "published_at": "2024-04-10",
          "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2024-007",
          "url": "https://advisories.stormshield.eu/2024-007"
        },
        {
          "published_at": "2024-05-28",
          "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2024-018",
          "url": "https://advisories.stormshield.eu/2024-018/"
        }
      ]
    }

    VAR-202208-0404

    Vulnerability from variot - Updated: 2024-07-23 21:15

    zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

    https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

    Security Fix(es):

    • github.com/Masterminds/vcs: Command Injection via argument injection (CVE-2022-21235)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

    1. Solution:

    For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

    https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

    You may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.

    The SHA-256 image digests for this release are:

    (For x86_64 architecture) The image digest is sha256:c6771b12bd873c0e3e5fbc7afa600d92079de6534dcb52f09cb1d22ee49608a9

    (For s390x architecture) The image digest is sha256:622b5361f95d1d512ea84f363ac06155cbb9ee28e85ccaae1acd80b98b660fa8

    (For ppc64le architecture) The image digest is sha256:50c131cf85dfb00f258af350a46b85eff8fb8084d3e1617520cd69b59caeaff7

    (For aarch64 architecture) The image digest is sha256:9e575c4ece9caaf31acbef246ccad71959cd5bf634e7cb284b0849ddfa205ad7

    All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2215317 - CVE-2022-21235 github.com/Masterminds/vcs: Command Injection via argument injection

    1. JIRA issues fixed (https://issues.redhat.com/):

    OCPBUGS-15446 - (release-4.11) gather "gateway-mode-config" config map from "openshift-network-operator" namespace
    OCPBUGS-15532 - visiting Configurations page returns error Cannot read properties of undefined (reading 'apiGroup')
    OCPBUGS-15645 - Can't use git lfs in BuildConfig git source with strategy Docker
    OCPBUGS-15739 - Environment cannot find Python
    OCPBUGS-15758 - [release-4.11] Bump Jenkins and Jenkins Agent Base image versions
    OCPBUGS-15942 - 9% of OKD tests failing on error: tag latest failed: Internal error occurred: registry.centos.org/dotnet/dotnet-31-centos7:latest: Get "https://registry.centos.org/v2/": dial tcp: lookup registry.centos.org on 172.30.0.10:53: no such host
    OCPBUGS-15966 - [4.12] MetalLB contains incorrect data Correct and incorrect MetalLB resources coexist should have correct statuses

    1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ===================================================================== Red Hat Security Advisory

    Synopsis: Important: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update Advisory ID: RHSA-2023:3742-02 Product: Red Hat OpenShift Data Foundation Advisory URL: https://access.redhat.com/errata/RHSA-2023:3742 Issue date: 2023-06-21 CVE Names: CVE-2015-20107 CVE-2018-25032 CVE-2020-10735 CVE-2020-16250 CVE-2020-16251 CVE-2020-17049 CVE-2021-3765 CVE-2021-3807 CVE-2021-4231 CVE-2021-4235 CVE-2021-4238 CVE-2021-28861 CVE-2021-43519 CVE-2021-43998 CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2021-44964 CVE-2021-46828 CVE-2021-46848 CVE-2022-0670 CVE-2022-1271 CVE-2022-1304 CVE-2022-1348 CVE-2022-1586 CVE-2022-1587 CVE-2022-2309 CVE-2022-2509 CVE-2022-2795 CVE-2022-2879 CVE-2022-2880 CVE-2022-3094 CVE-2022-3358 CVE-2022-3515 CVE-2022-3517 CVE-2022-3715 CVE-2022-3736 CVE-2022-3821 CVE-2022-3924 CVE-2022-4415 CVE-2022-21824 CVE-2022-23540 CVE-2022-23541 CVE-2022-24903 CVE-2022-26280 CVE-2022-27664 CVE-2022-28805 CVE-2022-29154 CVE-2022-30635 CVE-2022-31129 CVE-2022-32189 CVE-2022-32190 CVE-2022-33099 CVE-2022-34903 CVE-2022-35737 CVE-2022-36227 CVE-2022-37434 CVE-2022-38149 CVE-2022-38900 CVE-2022-40023 CVE-2022-40303 CVE-2022-40304 CVE-2022-40897 CVE-2022-41316 CVE-2022-41715 CVE-2022-41717 CVE-2022-41723 CVE-2022-41724 CVE-2022-41725 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42898 CVE-2022-42919 CVE-2022-43680 CVE-2022-45061 CVE-2022-45873 CVE-2022-46175 CVE-2022-47024 CVE-2022-47629 CVE-2022-48303 CVE-2022-48337 CVE-2022-48338 CVE-2022-48339 CVE-2023-0361 CVE-2023-0620 CVE-2023-0665 CVE-2023-2491 CVE-2023-22809 CVE-2023-24329 CVE-2023-24999 CVE-2023-25000 CVE-2023-25136 =====================================================================

    1. Summary:

    Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Description:

    Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.

    Security Fix(es):

    • goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be (CVE-2021-4238)

    • decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)

    • vault: Hashicorp Vault AWS IAM Integration Authentication Bypass (CVE-2020-16250)

    • vault: GCP Auth Method Allows Authentication Bypass (CVE-2020-16251)

    • nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)

    • go-yaml: Denial of Service in go-yaml (CVE-2021-4235)

    • vault: incorrect policy enforcement (CVE-2021-43998)

    • nodejs: Improper handling of URI Subject Alternative Names (CVE-2021-44531)

    • nodejs: Certificate Verification Bypass via String Injection (CVE-2021-44532)

    • nodejs: Incorrect handling of certificate subject and issuer fields (CVE-2021-44533)

    • golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)

    • golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)

    • nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)

    • jsonwebtoken: Insecure default algorithm in jwt.verify() could lead to signature validation bypass (CVE-2022-23540)

    • jsonwebtoken: Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC (CVE-2022-23541)

    • golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)

    • golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)

    • golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)

    • consul: Consul Template May Expose Vault Secrets When Processing Invalid Input (CVE-2022-38149)

    • vault: insufficient certificate revocation list checking (CVE-2022-41316)

    • golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)

    • golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)

    • net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)

    • golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)

    • golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)

    • json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)

    • vault: Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File (CVE-2023-0620)

    • hashicorp/vault: Vault’s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata (CVE-2023-0665)

    • Hashicorp/vault: Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation (CVE-2023-24999)

    • hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations (CVE-2023-25000)

    • validator: Inefficient Regular Expression Complexity in Validator.js (CVE-2021-3765)

    • nodejs: Prototype pollution via console.table properties (CVE-2022-21824)

    • golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    1. Solution:

    These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:

    https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index

    All Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1786696 - UI->Dashboards->Overview->Alerts shows MON components are at different versions, though they are NOT 1855339 - Wrong version of ocs-storagecluster 1943137 - [Tracker for BZ #1945618] rbd: Storage is not reclaimed after persistentvolumeclaim and job that utilized it are deleted 1944687 - [RFE] KMS server connection lost alert 1989088 - [4.8][Multus] UX experience issues and enhancements 2005040 - Uninstallation of ODF StorageSystem via OCP Console fails, gets stuck in Terminating state 2005830 - [DR] DRPolicy resource should not be editable after creation 2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes 2028193 - CVE-2021-43998 vault: incorrect policy enforcement 2040839 - CVE-2021-44531 nodejs: Improper handling of URI Subject Alternative Names 2040846 - CVE-2021-44532 nodejs: Certificate Verification Bypass via String Injection 2040856 - CVE-2021-44533 nodejs: Incorrect handling of certificate subject and issuer fields 2040862 - CVE-2022-21824 nodejs: Prototype pollution via console.table properties 2042914 - [Tracker for BZ #2013109] [UI] Refreshing web console from the pop-up is taking to Install Operator page. 
2052252 - CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824 [CVE] nodejs: various flaws [openshift-data-foundation-4] 2101497 - ceph_mon_metadata metrics are not collected properly 2101916 - must-gather is not collecting ceph logs or coredumps 2102304 - [GSS] Remove the entry of removed node from Storagecluster under Node Topology 2104148 - route ocs-storagecluster-cephobjectstore misconfigured to use http and https on same http route in haproxy.config 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode 2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 2115020 - [RDR] Sync schedule is not removed from mirrorpeer yaml after DR Policy is deleted 2115616 - [GSS] failing to change ownership of the NFS based PVC for PostgreSQL pod by using kube_pv_chown utility 2119551 - CVE-2022-38149 consul: Consul Template May Expose Vault Secrets When Processing Invalid Input 2120098 - [RDR] Even before an action gets fully completed, PeerReady and Available are reported as True in the DRPC yaml 2120944 - Large Omap objects found in pool 'ocs-storagecluster-cephfilesystem-metadata' 2124668 - CVE-2022-32190 golang: net/url: JoinPath does not strip relative path components in all circumstances 2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY 2126299 - CVE-2021-3765 validator: Inefficient Regular Expression Complexity in Validator.js 2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps 2134609 - CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function 2135339 - CVE-2022-41316 vault: insufficient certificate revocation list checking 2139037 - 
[cee/sd]Unable to access s3 via RGW route ocs-storagecluster-cephobjectstore 2141095 - [RDR] Storage System page on ACM Hub is visible even when data observability is not enabled 2142651 - RFE: OSDs need ability to bind to a service IP instead of the pod IP to support RBD mirroring in OCP clusters 2142894 - Credentials are ignored when creating a Backing/Namespace store after prompted to enter a name for the resource 2142941 - RGW cloud Transition. HEAD/GET requests to MCG are failing with 403 error 2143944 - [GSS] unknown parameter name "FORCE_OSD_REMOVAL" 2144256 - [RDR] [UI] DR Application applied to a single DRPolicy starts showing connected to multiple policies due to console flickering 2151903 - [MCG] Azure bs/ns creation fails with target bucket does not exists 2152143 - [Noobaa Clone] Secrets are used in env variables 2154250 - NooBaa Bucket Quota alerts are not working 2155507 - RBD reclaimspace job fails when the PVC is not mounted 2155743 - ODF Dashboard fails to load 2156067 - [RDR] [UI] When Peer Ready isn't True, UI doesn't reset the error message even when no subscription group is selected 2156069 - [UI] Instances of OCS can be seen on BlockPool action modals 2156263 - CVE-2022-46175 json5: Prototype Pollution in JSON5 via Parse Method 2156519 - 4.13: odf-csi-addons-operator failed with OwnNamespace InstallModeType not supported 2156727 - CVE-2021-4235 go-yaml: Denial of Service in go-yaml 2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be 2157876 - [OCP Tracker] [UI] When OCP and ODF are upgraded, refresh web console pop-up doesn't appear after ODF upgrade resulting in dashboard crash 2158922 - Namespace store fails to get created via the ODF UI 2159676 - rbd-mirror logs are rotated very frequently, increase the default maxlogsize for rbd-mirror 2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 2161879 - logging issue when 
deleting webhook resources 2161937 - collect kernel and journal logs from all worker nodes 2162257 - [RDR][CEPHFS] sync/replication is getting stopped for some pvc 2164617 - Unable to expand ocs-storagecluster-ceph-rbd PVCs provisioned in Filesystem mode 2165495 - Placement scheduler is using too much resources 2165504 - Sizer sharing link is broken 2165929 - [RFE] ODF bluewash introduction in 4.12.x 2165938 - ocs-operator CSV is missing disconnected env annotation. 2165984 - [RDR] Replication stopped for images is represented with incorrect color 2166222 - CSV is missing disconnected env annotation and relatedImages spec 2166234 - Application user unable to invoke Failover and Relocate actions 2166869 - Match the version of consoleplugin to odf operator 2167299 - [RFE] ODF bluewash introduction in 4.12.x 2167308 - [mcg-clone] Security and VA issues with ODF operator 2167337 - CVE-2020-16250 vault: Hashicorp Vault AWS IAM Integration Authentication Bypass 2167340 - CVE-2020-16251 vault: GCP Auth Method Allows Authentication Bypass 2167946 - CSV is missing disconnected env annotation and relatedImages spec 2168113 - [Ceph Tracker BZ #2141110] [cee/sd][Bluestore] Newly deployed bluestore OSD's showing high fragmentation score 2168635 - fix redirect link to operator details page (OCS dashboard) 2168840 - [Fusion-aaS][ODF 4.13]Within 'prometheus-ceph-rules' the namespace for 'rook-ceph-mgr' jobs should be configurable. 
2168849 - Must-gather doesn't collect coredump logs crucial for OSD crash events 2169375 - CVE-2022-23541 jsonwebtoken: Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC 2169378 - CVE-2022-23540 jsonwebtoken: Insecure default algorithm in jwt.verify() could lead to signature validation bypass 2169779 - [vSphere]: rook-ceph-mon- pvc are in pending state 2170644 - CVE-2022-38900 decode-uri-component: improper input validation resulting in DoS 2170673 - [RDR] Different replication states of PVC images aren't correctly distinguished and representated on UI 2172089 - [Tracker for Ceph BZ 2174461] rook-ceph-nfs pod is stuck at status 'CreateContainerError' after enabling NFS in ODF 4.13 2172365 - [csi-addons] odf-csi-addons-operator oomkilled with fresh installation 4.12 2172521 - No OSD pods are created for 4.13 LSO deployment 2173161 - ODF-console can not start when you disable IPv6 on Node with kernel parameter. 2173528 - Creation of OCS operator tag automatically for verified commits 2173534 - When on StorageSystem details click on History back btn it shows blank body 2173926 - [RFE] Include changes in MCG for new Ceph RGW transition headers 2175612 - noobaa-core-0 crashing and storagecluster not getting to ready state during ODF deployment with FIPS enabled in 4.13cluster 2175685 - RGW OBC creation via the UI is blocked by "Address form errors to proceed" error 2175714 - UI fix- capitalization 2175867 - Rook sets cephfs kernel mount options even when mon is using v1 port 2176080 - odf must-gather should collect output of oc get hpa -n openshift-storage 2176456 - [RDR] ramen-hub-operator and ramen-dr-cluster-operator is going into CLBO post deployment 2176739 - [UI] CSI Addons operator icon is broken 2176776 - Enable save options only when the protected apps has labels for manage DRPolicy 2176798 - [IBM Z ] Multi Cluster Orchestrator operator is not available in the Operator Hub 2176809 - [IBM Z ] DR 
operator is not available in the Operator Hub 2177134 - Next button is disabled for storage system deployment flow for IBM Ceph Storage security and network step when there is no OCS installed already 2177221 - Enable DR dashboard only when ACM observability is enabled 2177325 - Noobaa-db pod is taking longer time to start up in ODF 4.13 2177695 - DR dashboard showing incorrect RPO data 2177844 - CVE-2023-24999 Hashicorp/vault: Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation 2178033 - node topology warnings tab doesn't show pod warnings 2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption 2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics 2178588 - No rack names on ODF Topology 2178619 - odf-operator failing to resolve its sub-dependencies leaving the ocs-consumer/provider addon in a failed and halted state 2178682 - [GSS] Add the valid AWS GovCloud regions in OCS UI. 2179133 - [UI] A blank page appears while selecting Storage Pool for creating Encrypted Storage Class 2179337 - Invalid storage system href link on the ODF multicluster dashboard 2179403 - (4.13) Mons are failing to start when msgr2 is required with RHCS 6.1 2179846 - [IBM Z] In RHCS external mode Cephobjectstore creation fails as it reports that the "object store name cannot be longer than 38 characters" 2179860 - [MCG] Bucket replication with deletion sync isn't complete 2179976 - [ODF 4.13] Missing the status-reporter binary causing pods "report-status-to-provider" remain in CreateContainerError on ODF to ODF cluster on ROSA 2179981 - ODF Topology search bar fails to find searched node/pod 2179997 - Topology. 
Exit full screen does not appear in Full screen mode 2180211 - StorageCluster stuck in progressing state for Thales KMS deployment 2180397 - Last sync time is missing on application set's disaster recovery status popover 2180440 - odf-monitoring-tool. YAML file misjudged as corrupted 2180921 - Deployment with external cluster in ODF 4.13 with unable to use cephfs as backing store for image_registry 2181112 - [RDR] [UI] Hide disable DR functionality as it would be un-tested in 4.13 2181133 - CI: backport E2E job improvements 2181446 - [KMS][UI] PVC provisioning failed when vault kubernetes authentication is configured. 2181535 - [GSS] Object storage in degraded state 2181551 - Build: move to 'dependencies' the ones required for running a build 2181832 - Create OBC via UI, placeholder on StorageClass dropped 2181949 - [ODF Tracker] [RFE] Catch MDS damage to the dentry's first snapid 2182041 - OCS-Operator expects NooBaa CRDs to be present on the cluster when installed directly without ODF Operator 2182296 - [Fusion-aaS][ODF 4.13]must-gather does not collect relevant logs when storage cluster is not in openshift-storage namespace 2182375 - [MDR] Not able to fence DR clusters 2182644 - [IBM Z] MDR policy creation fails unless the ocs-operator pod is restarted on the managed clusters 2182664 - Topology view should hide the sidebar when changing levels 2182703 - [RDR] After upgrading from 4.12.2 to 4.13.0 version.odf.openshift.io cr is not getting updated with latest ODF version 2182972 - CVE-2023-25000 hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations 2182981 - CVE-2023-0665 hashicorp/vault: Vault's PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata 2183155 - failed to mount the cephfs subvolume as subvolumegroup name is not sent in the GetStorageConfig RPC call 2183196 - [Fusion-aaS] Collect Must-gather logs from the managed-fusion agent namespace 2183266 - [Fusion aaS Rook ODF 4.13]] Rook-ceph-operator pod should 
allow OBC CRDs to be optional instead of causing a crash when not present 2183457 - [RDR] when running any ceph cmd we see error 2023-03-31T08:25:31.844+0000 7f8deaffd640 -1 monclient(hunting): handle_auth_bad_method server allowed_methods [2] but i only support [2,1] 2183478 - [MDR][UI] Cannot relocate subscription based apps, Appset based apps are possible to relocate 2183520 - [Fusion-aaS] csi-cephfs-plugin pods are not created after installing ocs-client-operator 2184068 - [Fusion-aaS] Failed to mount CephFS volumes while creating pods 2184605 - [ODF 4.13][Fusion-aaS] OpenShift Data Foundation Client operator is listed in OperatorHub and installable from UI 2184663 - CVE-2023-0620 vault: Vault's Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File 2184769 - [Fusion-aaS][ODF 4.13]Remove storageclassclaim cr and create new cr storageclass request cr 2184773 - multicluster-orchestrator should not reset spec.network.multiClusterService.Enabled field added by user 2184892 - Don't pass encryption options to ceph cluster in odf external mode to provider/consumer cluster 2184984 - Topology Sidebar alerts panel: alerts accordion does not toggle when clicking on alert severity text 2185164 - [KMS][VAULT] PVC provisioning is failing when the Vault (HCP) Kubernetes authentication is set. 
2185188 - Fix storagecluster watch request for OCSInitialization 2185757 - add NFS dashboard 2185871 - [MDR][ACM-Tracker] Deleting an Appset based application does not delete its placement 2186171 - [GSS] "disableLoadBalancerService: true" config is reconciled after modifying the number of NooBaa endpoints 2186225 - [RDR] when running any ceph cmd we see error 2023-03-31T08:25:31.844+0000 7f8deaffd640 -1 monclient(hunting): handle_auth_bad_method server allowed_methods [2] but i only support [2,1] 2186475 - handle different network connection spec & Pass appropriate options for all the cases of Network Spec 2186752 - [translations] add translations for 4.13 2187251 - sync ocs and odf with the latest rook 2187296 - [MCG] Can't opt out of deletions sync once log-based replication with deletions sync is set 2187736 - [RDR] Replication history graph is showing incorrect value 2187952 - When cluster controller is cancelled frequently, multiple simultaneous controllers cause issues since need to wait for shutdown before continuing new controller 2187969 - [ODFMS-Migration ] [OCS Client Operator] csi-rbdplugin stuck in ImagePullBackOff on consumer clusters after Migration 2187986 - [MDR] ramen-dr-cluster-operator pod is in CLBO after assigning dr policy to an appset based app 2188053 - ocs-metrics-exporter cannot list/watch StorageCluster, StorageClass, CephBlockPool and other resources 2188238 - [RDR] Avoid using the terminology "SLA" in DR dashboard 2188303 - [RDR] Maintenance mode is not enabled after initiating failover action 2188427 - [External mode upgrade]: Upgrade from 4.12 -> 4.13 external mode is failing because rook-ceph-operator is not reaching clean state 2188666 - wrong label in new storageclassrequest cr 2189483 - After upgrade noobaa-db-pg-0 pod using old image in one of container 2189929 - [RDR/MDR] [UI] Dashboard font sizes are very uneven 2189982 - [RDR] ocs_rbd_client_blocklisted datapoints and the corresponding alert is not getting generated 2189984 
- [KMS][VAULT] Storage cluster remains in 'Progressing' state during deployment with storage class encryption, despite all pods being up and running. 2190129 - OCS Provider Server logs are incorrect 2190241 - nfs metric details are unavailable and server health is displaying as "Degraded" under Network file system tab in UI 2192088 - [IBM P] rbd_default_map_options value not set to ms_mode=secure in in-transit encryption enabled ODF cluster 2192670 - Details tab for nodes inside Topology throws "Something went wrong" on IBM Power platform 2192824 - [4.13] Fix Multisite in external cluster 2192875 - Enable ceph-exporter in rook 2193114 - MCG replication is failing due to OC binary incompatible on Power platform 2193220 - [Stretch cluster] CephCluster is updated frequently due to changing ordering of zones 2196176 - MULTUS UI, There is no option to change the multus configuration after we configure the params 2196236 - [RDR] With ACM 2.8 User is not able to apply Drpolicy to subscription workload 2196298 - [RDR] DRPolicy doesn't show connected application when subscription based workloads are deployed via CLI 2203795 - ODF Monitoring is missing some of the ceph_ metric values 2208029 - nfs server health is always displaying as "Degraded" under Network file system tab in UI. 2208079 - rbd mirror daemon is commonly not upgraded 2208269 - [RHCS Tracker] After add capacity the rebalance does not complete, and we see 2 PGs in active+clean+scrubbing and 1 active+clean+scrubbing+deep 2208558 - [MDR] ramen-dr-cluster-operator pod crashes during failover 2208962 - [UI] ODF Topology. 
Degraded cluster doesn't show red canvas on cluster level 2209364 - ODF dashboard crashes when OCP and ODF are upgraded 2209643 - Multus, Cephobjectstore stuck on Progressing state because " failed to create or retrieve rgw admin ops user" 2209695 - When collecting Must-gather logs shows /usr/bin/gather_ceph_resources: line 341: jq: command not found 2210964 - [UI][MDR] After hub recovery in overview tab of data policies Application set apps count is not showing 2211334 - The replication history graph is very unclear 2211343 - [MCG-Only]: upgrade failed from 4.12 to 4.13 due to missing CSI_ENABLE_READ_AFFINITY in ConfigMap openshift-storage/ocs-operator-config 2211704 - Multipart uploads fail to an Azure namespace bucket when user MD is sent as part of the upload

    1. References:

    https://access.redhat.com/security/cve/CVE-2015-20107 https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/cve/CVE-2020-10735 https://access.redhat.com/security/cve/CVE-2020-16250 https://access.redhat.com/security/cve/CVE-2020-16251 https://access.redhat.com/security/cve/CVE-2020-17049 https://access.redhat.com/security/cve/CVE-2021-3765 https://access.redhat.com/security/cve/CVE-2021-3807 https://access.redhat.com/security/cve/CVE-2021-4231 https://access.redhat.com/security/cve/CVE-2021-4235 https://access.redhat.com/security/cve/CVE-2021-4238 https://access.redhat.com/security/cve/CVE-2021-28861 https://access.redhat.com/security/cve/CVE-2021-43519 https://access.redhat.com/security/cve/CVE-2021-43998 https://access.redhat.com/security/cve/CVE-2021-44531 https://access.redhat.com/security/cve/CVE-2021-44532 https://access.redhat.com/security/cve/CVE-2021-44533 https://access.redhat.com/security/cve/CVE-2021-44964 https://access.redhat.com/security/cve/CVE-2021-46828 https://access.redhat.com/security/cve/CVE-2021-46848 https://access.redhat.com/security/cve/CVE-2022-0670 https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/cve/CVE-2022-1304 https://access.redhat.com/security/cve/CVE-2022-1348 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1587 https://access.redhat.com/security/cve/CVE-2022-2309 https://access.redhat.com/security/cve/CVE-2022-2509 https://access.redhat.com/security/cve/CVE-2022-2795 https://access.redhat.com/security/cve/CVE-2022-2879 https://access.redhat.com/security/cve/CVE-2022-2880 https://access.redhat.com/security/cve/CVE-2022-3094 https://access.redhat.com/security/cve/CVE-2022-3358 https://access.redhat.com/security/cve/CVE-2022-3515 https://access.redhat.com/security/cve/CVE-2022-3517 https://access.redhat.com/security/cve/CVE-2022-3715 https://access.redhat.com/security/cve/CVE-2022-3736 
https://access.redhat.com/security/cve/CVE-2022-3821 https://access.redhat.com/security/cve/CVE-2022-3924 https://access.redhat.com/security/cve/CVE-2022-4415 https://access.redhat.com/security/cve/CVE-2022-21824 https://access.redhat.com/security/cve/CVE-2022-23540 https://access.redhat.com/security/cve/CVE-2022-23541 https://access.redhat.com/security/cve/CVE-2022-24903 https://access.redhat.com/security/cve/CVE-2022-26280 https://access.redhat.com/security/cve/CVE-2022-27664 https://access.redhat.com/security/cve/CVE-2022-28805 https://access.redhat.com/security/cve/CVE-2022-29154 https://access.redhat.com/security/cve/CVE-2022-30635 https://access.redhat.com/security/cve/CVE-2022-31129 https://access.redhat.com/security/cve/CVE-2022-32189 https://access.redhat.com/security/cve/CVE-2022-32190 https://access.redhat.com/security/cve/CVE-2022-33099 https://access.redhat.com/security/cve/CVE-2022-34903 https://access.redhat.com/security/cve/CVE-2022-35737 https://access.redhat.com/security/cve/CVE-2022-36227 https://access.redhat.com/security/cve/CVE-2022-37434 https://access.redhat.com/security/cve/CVE-2022-38149 https://access.redhat.com/security/cve/CVE-2022-38900 https://access.redhat.com/security/cve/CVE-2022-40023 https://access.redhat.com/security/cve/CVE-2022-40303 https://access.redhat.com/security/cve/CVE-2022-40304 https://access.redhat.com/security/cve/CVE-2022-40897 https://access.redhat.com/security/cve/CVE-2022-41316 https://access.redhat.com/security/cve/CVE-2022-41715 https://access.redhat.com/security/cve/CVE-2022-41717 https://access.redhat.com/security/cve/CVE-2022-41723 https://access.redhat.com/security/cve/CVE-2022-41724 https://access.redhat.com/security/cve/CVE-2022-41725 https://access.redhat.com/security/cve/CVE-2022-42010 https://access.redhat.com/security/cve/CVE-2022-42011 https://access.redhat.com/security/cve/CVE-2022-42012 https://access.redhat.com/security/cve/CVE-2022-42898 https://access.redhat.com/security/cve/CVE-2022-42919 
https://access.redhat.com/security/cve/CVE-2022-43680 https://access.redhat.com/security/cve/CVE-2022-45061 https://access.redhat.com/security/cve/CVE-2022-45873 https://access.redhat.com/security/cve/CVE-2022-46175 https://access.redhat.com/security/cve/CVE-2022-47024 https://access.redhat.com/security/cve/CVE-2022-47629 https://access.redhat.com/security/cve/CVE-2022-48303 https://access.redhat.com/security/cve/CVE-2022-48337 https://access.redhat.com/security/cve/CVE-2022-48338 https://access.redhat.com/security/cve/CVE-2022-48339 https://access.redhat.com/security/cve/CVE-2023-0361 https://access.redhat.com/security/cve/CVE-2023-0620 https://access.redhat.com/security/cve/CVE-2023-0665 https://access.redhat.com/security/cve/CVE-2023-2491 https://access.redhat.com/security/cve/CVE-2023-22809 https://access.redhat.com/security/cve/CVE-2023-24329 https://access.redhat.com/security/cve/CVE-2023-24999 https://access.redhat.com/security/cve/CVE-2023-25000 https://access.redhat.com/security/cve/CVE-2023-25136 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBZJTCdtzjgjWX9erEAQg+Bw/8DMJst89ezTMnzgSKR5q+EzfkajgA1+hZ pk9CcsCzrIISkbi+6uvkfRPe7hwHstigfswCsuh4d98lad20WKw9UUYMsFOQlGW5 Izzxf5a1Uw/pdO/61f4k6Ze7E4gANneknQiiiUFpA4lF7RkuBoeWYoB12r+Y3O/t l8CGEVAk/DBn2WVc5PL7o7683A6tS8Z5FNpyPg2tvtpdYkr1cw2+L2mcBHpiAjUr S+Jaj5/qf8Z/TIZY7vvOqr6YCDrMnbZChbvYaPCwaRqbOb1RbGW++c9hEWKnaNbm XiIgTY4d75+y7afRFoc9INZ1SjvL7476LCABGXmEEocuwHRU7K4u4rGyOXzDz5xb 3zgJO58oVr6RPHvpDsxoqOwEbhfdNpRpBcuuzAThe9w5Cnh45UnEU5sJKY/1U1qo UxBeMoFrrhUdrE4A1Gsr0GcImh6JDJXweIJe1C6FI9e3/J5HM7mR4Whznz+DslXL CNmmPWs5afjrrgVVaDuDYq3m7lwuCTODHRVSeWGrtyhnNc6RNtjJi9fumqavP07n 8lc4v4c56lMVDpwQQkYMCJEzHrYDWeFDza9KdDbddvLtkoYXxJQiGwp0BZne1ArV lU3PstRRagnbV6yf/8LPSaSQZAVBnEe2YoF83gJbpFEhYimOCHS9BzC0qce7lypR vhbUlNurVkU= =4jwh -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce .

    Bug Fix(es):

    • Cloning a Block DV to a VM with a Filesystem that is not big enough results in an endless loop - using pvc api (BZ#2033191)

    • Restart of VM Pod causes SSH keys to be regenerated within VM (BZ#2087177)

    • Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR (BZ#2089391)

    • [4.11] VM Snapshot Restore hangs indefinitely when backed by a snapshotclass (BZ#2098225)

    • Fedora version in DataImportCrons is not 'latest' (BZ#2102694)

    • [4.11] Cloned VM's snapshot restore fails if the source VM disk is deleted (BZ#2109407)

    • CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls (BZ#2110562)

    • Nightly build: v4.11.0-578: index format was changed in 4.11 to file-based instead of sqlite-based (BZ#2112643)

    • Unable to start windows VMs on PSI setups (BZ#2115371)

    • [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 (BZ#2128997)

    • Mark Windows 11 as TechPreview (BZ#2129013)

    • 4.11.1 rpms (BZ#2139453)

    This advisory contains the following OpenShift Virtualization 4.11.1 images.

    RHEL-8-CNV-4.11

    virt-cdi-operator-container-v4.11.1-5 virt-cdi-uploadserver-container-v4.11.1-5 virt-cdi-apiserver-container-v4.11.1-5 virt-cdi-importer-container-v4.11.1-5 virt-cdi-controller-container-v4.11.1-5 virt-cdi-cloner-container-v4.11.1-5 virt-cdi-uploadproxy-container-v4.11.1-5 checkup-framework-container-v4.11.1-3 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.1-7 kubevirt-tekton-tasks-create-datavolume-container-v4.11.1-7 kubevirt-template-validator-container-v4.11.1-4 virt-handler-container-v4.11.1-5 hostpath-provisioner-operator-container-v4.11.1-4 virt-api-container-v4.11.1-5 vm-network-latency-checkup-container-v4.11.1-3 cluster-network-addons-operator-container-v4.11.1-5 virtio-win-container-v4.11.1-4 virt-launcher-container-v4.11.1-5 ovs-cni-marker-container-v4.11.1-5 hyperconverged-cluster-webhook-container-v4.11.1-7 virt-controller-container-v4.11.1-5 virt-artifacts-server-container-v4.11.1-5 kubevirt-tekton-tasks-modify-vm-template-container-v4.11.1-7 kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.1-7 libguestfs-tools-container-v4.11.1-5 hostpath-provisioner-container-v4.11.1-4 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.1-7 kubevirt-tekton-tasks-copy-template-container-v4.11.1-7 cnv-containernetworking-plugins-container-v4.11.1-5 bridge-marker-container-v4.11.1-5 virt-operator-container-v4.11.1-5 hostpath-csi-driver-container-v4.11.1-4 kubevirt-tekton-tasks-create-vm-from-template-container-v4.11.1-7 kubemacpool-container-v4.11.1-5 hyperconverged-cluster-operator-container-v4.11.1-7 kubevirt-ssp-operator-container-v4.11.1-4 ovs-cni-plugin-container-v4.11.1-5 kubevirt-tekton-tasks-cleanup-vm-container-v4.11.1-7 kubevirt-tekton-tasks-operator-container-v4.11.1-2 cnv-must-gather-container-v4.11.1-8 kubevirt-console-plugin-container-v4.11.1-9 hco-bundle-registry-container-v4.11.1-49

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS 2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays

    1. JIRA issues fixed (https://issues.jboss.org/):

    LOG-3293 - log-file-metric-exporter container has no limits, exhausting the resources of the node

    1. Description:

    Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud.

    For more information about Submariner, see the Submariner open source community website at: https://submariner.io/.

    Security fixes:

    • CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY
    • CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
    • CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps
    • CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

    Bugs addressed:

    • subctl diagnose firewall metrics does not work on merged kubeconfig (BZ# 2013711)
    • [Submariner] - Fails to increase gateway amount after deployment (BZ# 2097381)
    • Submariner gateway node does not get deleted with subctl cloud cleanup command (BZ# 2108634)
    • submariner GW pods are unable to resolve the DNS of the Broker K8s API URL (BZ# 2119362)
    • Submariner gateway node does not get deployed after applying ManagedClusterAddOn on Openstack (BZ# 2124219)
    • unable to run subctl benchmark latency, pods fail with ImagePullBackOff (BZ# 2130326)
    • [IBM Z] - Submariner addon uninstallation doesn't work from ACM console (BZ# 2136442)
    • Tags on AWS security group for gateway node break cloud-controller LoadBalancer (BZ# 2139477)
    • RHACM - Submariner: UI support for OpenStack #19297 (ACM-1242)
    • Submariner OVN support (ACM-1358)
    • Submariner Azure Console support (ACM-1388)
    • ManagedClusterSet consumers migrate to v1beta2 (ACM-1614)
    • Submariner on disconnected ACM #22000 (ACM-1678)
    • Submariner gateway: Error creating AWS security group if already exists (ACM-2055)
    • Submariner gateway security group in AWS not deleted when uninstalling submariner (ACM-2057)
    • The submariner-metrics-proxy pod pulls an image with wrong naming convention (ACM-2058)
    • The submariner-metrics-proxy pod is not part of the Agent readiness check (ACM-2067)
    • Subctl 0.14.0 prints version "vsubctl" (ACM-2132)
    • managedclusters "local-cluster" not found and missing Submariner Broker CRD (ACM-2145)
    • Add support of ARO to Submariner deployment (ACM-2150)
    • The e2e tests execution fails for "Basic TCP connectivity" tests (ACM-2204)
    • Gateway error shown "diagnose all" tests (ACM-2206)
    • Submariner does not support cluster "kube-proxy ipvs mode" (ACM-2211)
    • Vsphere cluster shows Pod Security admission controller warnings (ACM-2256)
    • Cannot use submariner with OSP and self signed certs (ACM-2274)
    • Subctl diagnose tests spawn nettest image with wrong tag naming convention (ACM-2387)
    • Subctl 0.14.1 prints version "devel" (ACM-2482)

    • Bugs fixed (https://bugzilla.redhat.com/):

    2013711 - subctl diagnose firewall metrics does not work on merged kubeconfig 2097381 - [Submariner] - Fails to increase gateway amount after deployment 2108634 - Submariner gateway node does not get deleted with subctl cloud cleanup command 2119362 - submariner GW pods are unable to resolve the DNS of the Broker K8s API URL 2124219 - Submariner gateway node does not get deployed after applying ManagedClusterAddOn on Openstack 2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY 2130326 - unable to run subctl benchmark latency, pods fail with ImagePullBackOff 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps 2136442 - [IBM Z] - Submariner addon uninstallation doesn't work from ACM console 2139477 - Tags on AWS security group for gateway node break cloud-controller LoadBalancer 2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

    1. JIRA issues fixed (https://issues.jboss.org/):

    ACM-1614 - ManagedClusterSet consumers migrate to v1beta2 (Submariner) ACM-2055 - Submariner gateway: Error creating AWS security group if already exists ACM-2057 - [Submariner] - submariner gateway security group in aws not deleted when uninstalling submariner ACM-2058 - [Submariner] - The submariner-metrics-proxy pod pulls an image with wrong naming convention ACM-2067 - [Submariner] - The submariner-metrics-proxy pod is not part of the Agent readiness check ACM-2132 - Subctl 0.14.0 prints version "vsubctl" ACM-2145 - managedclusters "local-cluster" not found and missing Submariner Broker CRD ACM-2150 - Add support of ARO to Submariner deployment ACM-2204 - [Submariner] - e2e tests execution fails for "Basic TCP connectivity" tests ACM-2206 - [Submariner] - Gateway error shown "diagnose all" tests ACM-2211 - [Submariner] - Submariner does not support cluster "kube-proxy ipvs mode" ACM-2256 - [Submariner] - Vsphere cluster shows Pod Security admission controller warnings ACM-2274 - Cannot use submariner with OSP and self signed certs ACM-2387 - [Submariner] - subctl diagnose tests spawn nettest image with wrong tag naming convention ACM-2482 - Subctl 0.14.1 prints version "devel"

    1. This advisory contains the following OpenShift Virtualization 4.12.0 images:

    Security Fix(es):

    • golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)

    • kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)

    • golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)

    • golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)

    • golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)

    • golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)

    • golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)

    • golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)

    • golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)

    • golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)

    • golang: syscall: faccessat checks wrong group (CVE-2022-29526)

    • golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)

    • golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)

    • golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)

    • golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)

    • golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)

    • golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)

    • golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    RHEL-8-CNV-4.12

    ============= bridge-marker-container-v4.12.0-24 cluster-network-addons-operator-container-v4.12.0-24 cnv-containernetworking-plugins-container-v4.12.0-24 cnv-must-gather-container-v4.12.0-58 hco-bundle-registry-container-v4.12.0-769 hostpath-csi-driver-container-v4.12.0-30 hostpath-provisioner-container-v4.12.0-30 hostpath-provisioner-operator-container-v4.12.0-31 hyperconverged-cluster-operator-container-v4.12.0-96 hyperconverged-cluster-webhook-container-v4.12.0-96 kubemacpool-container-v4.12.0-24 kubevirt-console-plugin-container-v4.12.0-182 kubevirt-ssp-operator-container-v4.12.0-64 kubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55 kubevirt-tekton-tasks-copy-template-container-v4.12.0-55 kubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55 kubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55 kubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55 kubevirt-tekton-tasks-operator-container-v4.12.0-40 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55 kubevirt-template-validator-container-v4.12.0-32 libguestfs-tools-container-v4.12.0-255 ovs-cni-marker-container-v4.12.0-24 ovs-cni-plugin-container-v4.12.0-24 virt-api-container-v4.12.0-255 virt-artifacts-server-container-v4.12.0-255 virt-cdi-apiserver-container-v4.12.0-72 virt-cdi-cloner-container-v4.12.0-72 virt-cdi-controller-container-v4.12.0-72 virt-cdi-importer-container-v4.12.0-72 virt-cdi-operator-container-v4.12.0-72 virt-cdi-uploadproxy-container-v4.12.0-71 virt-cdi-uploadserver-container-v4.12.0-72 virt-controller-container-v4.12.0-255 virt-exportproxy-container-v4.12.0-255 virt-exportserver-container-v4.12.0-255 virt-handler-container-v4.12.0-255 virt-launcher-container-v4.12.0-255 virt-operator-container-v4.12.0-255 virtio-win-container-v4.12.0-10 vm-network-latency-checkup-container-v4.12.0-89

    1. Solution:

    Before applying this update, you must apply all previously released errata relevant to your system.

    To apply this update, refer to:

    https://access.redhat.com/articles/11258

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1719190 - Unable to cancel live-migration if virt-launcher pod in pending state 2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error 2040377 - Unable to delete failed VMIM after VM deleted 2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed 2052556 - Metric "kubevirt_num_virt_handlers_by_node_running_virt_launcher" reporting incorrect value 2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements 2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString 2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control 2060499 - [RFE] Cannot add additional service (or other objects) to VM template 2069098 - Large scale |VMs migration is slow due to low migration parallelism 2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass 2071491 - Storage Throughput metrics are incorrect in Overview 2072797 - Metrics in Virtualization -> Overview period is not clear or configurable 2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers 2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering 2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group 2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode 2086551 - Min CPU feature found in labels 2087724 - Default template show no boot source even there are auto-upload boot sources 2088129 - [SSP] webhook does not comply with restricted security context 2088464 - [CDI] cdi-deployment does not comply with 
restricted security context 2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR 2089744 - HCO should label its control plane namespace to admit pods at privileged security level 2089751 - 4.12.0 containers 2089804 - 4.12.0 rpms 2091856 - 'Edit BootSource' action should have more explicit information when disabled 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer 2093771 - The disk source should be PVC if the template has no auto-update boot source 2093996 - kubectl get vmi API should always return primary interface if exist 2094202 - Cloud-init username field should have hint 2096285 - KubeVirt CR API documentation is missing docs for many fields 2096780 - [RFE] Add ssh-key and sysprep to template scripts tab 2097436 - Online disk expansion ignores filesystem overhead change 2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP 2099556 - [RFE] Add option to enable RDP service for windows vm 2099573 - [RFE] Improve template's message about not editable 2099923 - [RFE] Merge "SSH access" and "SSH command" into one 2100290 - Error is not dismissed on catalog review page 2100436 - VM list filtering ignores VMs in error-states 2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 2100629 - Update nested support KBASE article 2100679 - The number of hardware devices is not correct in vm overview tab 2100682 - All hardware devices get deleted while just delete one 2100684 - Workload profile are not editable during creation and after creation 2101144 - VM filter has two "Other" checkboxes which are triggered together 2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode 2101167 - Edit buttons 
    clickable area is too large. 2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id 2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state 2101390 - Easy to miss the "tick" when adding GPU device to vm via UI 2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id 2101423 - wrong user name on using ignition 2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page 2101445 - "Pending changes - Boot Order" 2101454 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user 2101499 - Cannot add NIC to VM template as non-priv user 2101501 - NAME parameter in VM template has no effect. 2101628 - non-priv user cannot load dataSource while edit template's rootdisk 2101667 - VMI view is not aligned with vm and templates 2101681 - All templates are labeling "source available" in template list page 2102074 - VM Creation time on VM Overview Details card lacks string 2102125 - vm clone modal is displaying DV size instead of PVC size 2102132 - align the utilization card of single VM overview with the design 2102138 - Should the word "new" be removed from "Create new VirtualMachine from catalog"? 
2102256 - Add button moved to right 2102448 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal 2102475 - Template 'vm-template-example' should be filtered by 'Fedora' rather than 'Other' 2102561 - sysprep-info should link to downstream doc 2102737 - Clone a VM should lead to vm overview tab 2102740 - "Save" button on vm clone modal should be "Clone" 2103806 - "404: Not Found" appears shortly by clicking the PVC link on vm disk tab 2103807 - PVC is not named by VM name while creating vm quickly 2103817 - Workload profile values in vm details should align with template's value 2103844 - VM nic model is empty 2104331 - VM list page scroll up automatically 2104402 - VM create button is not enabled while adding multiple environment disks 2104422 - Storage status report "OpenShift Data Foundation is not available" even the operator is installed 2104424 - Enable descheduler or hide it on template's scheduling tab 2104479 - [4.12] Cloned VM's snapshot restore fails if the source VM disk is deleted 2104480 - Alerts in VM overview tab disappeared after a few seconds 2104785 - "Add disk" and "Disks" are on the same line 2104859 - [RFE] Add "Copy SSH command" to VM action list 2105257 - Can't set log verbosity level for virt-operator pod 2106175 - All pages are crashed after visit Virtualization -> Overview 2106963 - Cannot add configmap for windows VM 2107279 - VM Template's bootable disk can be marked as bootable 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse functions 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob 2107388 - CVE-2022-30635 golang: encoding/gob: 
    stack exhaustion in Decoder.Decode 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal 2108339 - datasource does not provide timestamp when updated 2108638 - When choosing a vm or template while in all-namespace, and returning to list, namespace is changed 2109818 - Upstream metrics documentation is not detailed enough 2109975 - DataVolume fails to import "cirros-container-disk-demo" image 2110256 - Storage -> PVC -> upload data, does not support source reference 2110562 - CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls 2111240 - GiB changes to B in Template's Edit boot source reference modal 2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics 2111328 - kubevirt plugin console crashed after visit vmi page 2111378 - VM SSH command generated by UI points at api VIP 2111744 - Cloned template should not label app.kubernetes.io/name: common-templates 2111794 - the virtlogd process is taking too much RAM! 
(17468Ki > 17Mi) 2112900 - button style are different 2114516 - Nothing happens after clicking on Fedora cloud image list link 2114636 - The style of displayed items are not unified on VM tabs 2114683 - VM overview tab is crashed just after the vm is created 2115257 - Need to Change system-product-name to "OpenShift Virtualization" in CNV-4.12 2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass 2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items 2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates 2116225 - The filter keyword of the related operator 'Openshift Data Foundation' is 'OCS' rather than 'ODF' 2116644 - Importer pod is failing to start with error "MountVolume.SetUp failed for volume "cdi-proxy-cert-vol" : configmap "custom-ca" not found" 2117549 - Cannot edit cloud-init data after add ssh key 2117803 - Cannot edit ssh even vm is stopped 2117813 - Improve descriptive text of VM details while VM is off 2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs 2118257 - outdated doc link tolerations modal 2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format 2119069 - Unable to start windows VMs on PSI setups 2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 2119309 - readinessProbe in VM stays on failed 2119615 - Change the disk size causes the unit changed 2120907 - Cannot filter disks by label 2121320 - Negative values in migration metrics 2122236 - Failing to delete HCO with SSP sticking around 2122990 - VMExport should check APIGroup 2124147 - "ReadOnlyMany" should not be added to supported values in memory dump 2124307 - Ui crash/stuck on loading when trying to detach disk on a VM 2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it 2124555 - View 
    documentation link on MigrationPolicies page does not work 2124557 - MigrationPolicy description is not displayed on Details page 2124558 - Non-privileged user can start MigrationPolicy creation 2124565 - Deleted DataSource reappears in list 2124572 - First annotation can not be added to DataSource 2124582 - Filtering VMs by OS does not work 2124594 - Docker URL validation is inconsistent over application 2124597 - Wrong case in Create DataSource menu 2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile 2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state 2127787 - Expose the PVC source of the dataSource on UI 2127843 - UI crashed by selecting "Live migration network" 2127931 - Change default time range on Virtualization -> Overview -> Monitoring dashboard to 30 minutes 2127947 - cluster-network-addons-config tlsSecurityProfile takes a long time to update after setting APIServer 2128002 - Error after VM template deletion 2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards 2128872 - [4.11]Can't restore cloned VM 2128948 - Cannot create DataSource from default YAML 2128949 - Cannot create MigrationPolicy from example YAML 2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 2129013 - Mark Windows 11 as TechPreview 2129234 - Service is not deleted along with the VM when the VM is created from a template with service 2129301 - Cloud-init network data don't wipe out on uncheck checkbox 'Add network data' 2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook 2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV 2130588 - crypto-policy : Common Ciphers support by apiserver and hco 2130695 - crypto-policy : Logging Improvement and publish the source of ciphers 2130909 - Non-privileged user can start DataSource creation 
2131157 - KV data transfer rate chart in VM Metrics tab is not displayed 2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough 2131674 - Bump virtlogd memory requirement to 20Mi 2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11 2132682 - Default YAML entity name convention. 2132721 - Delete dialogs 2132744 - Description text is missing in Live Migrations section 2132746 - Background is broken in Virtualization Monitoring page 2132783 - VM can not be created from Template with edited boot source 2132793 - Edited Template BSR is not saved 2132932 - Typo in PVC size units menu 2133540 - [pod security violation audit] Audit violation in "cni-plugins" container should be fixed 2133541 - [pod security violation audit] Audit violation in "bridge-marker" container should be fixed 2133542 - [pod security violation audit] Audit violation in "manager" container should be fixed 2133543 - [pod security violation audit] Audit violation in "kube-rbac-proxy" container should be fixed 2133655 - [pod security violation audit] Audit violation in "cdi-operator" container should be fixed 2133656 - [4.12][pod security violation audit] Audit violation in "hostpath-provisioner-operator" container should be fixed 2133659 - [pod security violation audit] Audit violation in "cdi-controller" container should be fixed 2133660 - [pod security violation audit] Audit violation in "cdi-source-update-poller" container should be fixed 2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod 2134672 - [e2e] add data-test-id for catalog -> storage section 2134825 - Authorization for expand-spec endpoint missing 2135805 - Windows 2022 template is missing vTPM and UEFI params in spec 2136051 - Name jumping when trying to create a VM with source from catalog 2136425 - Windows 11 is detected as Windows 10 2136534 - Not possible to specify a TTL on VMExports 2137123 - VMExport: export pod 
    is not PSA compliant 2137241 - Checkbox about delete vm disks is not loaded while deleting VM 2137243 - registry input add docker prefix twice 2137349 - "Manage source" action infinitely loading on DataImportCron details page 2137591 - Inconsistent dialog headings/titles 2137731 - Link of VM status in overview is not working 2137733 - No link for VMs in error status in "VirtualMachine statuses" card 2137736 - The column name "MigrationPolicy name" can just be "Name" 2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly 2138112 - Unsupported S3 endpoint option in Add disk modal 2138119 - "Customize VirtualMachine" flow is not user-friendly because settings are split into 2 modals 2138199 - Win11 and Win22 templates are not filtered properly by Template provider 2138653 - Saving Template parameters reloads the page 2138657 - Setting DATA_SOURCE_ Template parameters makes VM creation fail 2138664 - VM that was created with SSH key fails to start 2139257 - Cannot add disk via "Using an existing PVC" 2139260 - Clone button is disabled while VM is running 2139293 - Non-admin user cannot load VM list page 2139296 - Non-admin cannot load MigrationPolicies page 2139299 - No auto-generated VM name while creating VM by non-admin user 2139306 - Non-admin cannot create VM via customize mode 2139479 - virtualization overview crashes for non-priv user 2139574 - VM name gets "emptyname" if click the create button quickly 2139651 - non-priv user can click create when have no permissions 2139687 - catalog shows template list for non-priv users 2139738 - [4.12]Can't restore cloned VM 2139820 - non-priv user can't reach vm details 2140117 - Provide upgrade path from 4.11.1->4.12.0 2140521 - Click the breadcrumb list about "VirtualMachines" goes to undefined project 2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user 2140627 - Not able to select storageClass if there is no 
default storageclass defined 2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user 2140808 - Hyperv feature set to "enabled: false" prevents scheduling 2140977 - Alerts number is not correct on Virtualization overview 2140982 - The base template of cloned template is "Not available" 2140998 - Incorrect information shows in overview page per namespace 2141089 - Unable to upload boot images. 2141302 - Unhealthy states alerts and state metrics are missing 2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations 2141494 - "Start in pause mode" option is not available while creating the VM 2141654 - warning log appearing on VMs: found no SR-IOV networks 2141711 - Node column selector is redundant for non-priv user 2142468 - VM action "Stop" should not be disabled when VM in pause state 2142470 - Delete a VM or template from all projects leads to 404 error 2142511 - Enhance alerts card in overview 2142647 - Error after MigrationPolicy deletion 2142891 - VM latency checkup: Failed to create the checkup's Job 2142929 - Permission denied when try get instancestypes 2143268 - Topolvm storageProfile missing accessModes and volumeMode 2143498 - Could not load template while creating VM from catalog 2143964 - Could not load template while creating VM from catalog 2144580 - "?" icon is too big in VM Template Disk tab 2144828 - "?" icon is too big in VM Template Disk tab 2144839 - Alerts number is not correct on Virtualization overview 2153849 - After upgrade to 4.11.1->4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten 2155757 - Incorrect upstream-version label "v1.6.0-unstable-410-g09ea881c" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container

    1. Description:

    The rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator operator have been updated for RHEL-8-based Middleware Containers to address the following security issues. Users of these images are also encouraged to rebuild all container images that depend on these images.

    Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally. Bugs fixed (https://bugzilla.redhat.com/):

    2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding 2141404 - CVE-2022-3916 keycloak: Session takeover with OIDC offline refreshtokens

    1. JIRA issues fixed (https://issues.jboss.org/):

    CIAM-4412 - Build new OCP image for rh-sso-7/sso76-openshift-rhel8 CIAM-4413 - Generate new operator bundle image for this patch

    1. Summary:

    An update is now available for Migration Toolkit for Runtimes (v1.0.1). Bugs fixed (https://bugzilla.redhat.com/):

    2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY 2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps 2148199 - CVE-2022-39278 Istio: Denial of service attack via a specially crafted message 2148661 - CVE-2022-3962 kiali: error message spoofing in kiali UI 2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be

    1. JIRA issues fixed (https://issues.jboss.org/):

    OSSM-1977 - Support for Istio Gateway API in Kiali OSSM-2083 - Update maistra/istio 2.3 to Istio 1.14.5 OSSM-2147 - Unexpected validation message on Gateway object OSSM-2169 - Member controller doesn't retry on conflict OSSM-2170 - Member namespaces aren't cleaned up when a cluster-scoped SMMR is deleted OSSM-2179 - Wasm plugins only support OCI images with 1 layer OSSM-2184 - Istiod isn't allowed to delete analysis distribution report configmap OSSM-2188 - Member namespaces not cleaned up when SMCP is deleted OSSM-2189 - If multiple SMCPs exist in a namespace, the controller reconciles them all OSSM-2190 - The memberroll controller reconciles SMMRs with invalid name OSSM-2232 - The member controller reconciles ServiceMeshMember with invalid name OSSM-2241 - Remove v2.0 from Create ServiceMeshControlPlane Form OSSM-2251 - CVE-2022-3962 openshift-istio-kiali-container: kiali: content spoofing [ossm-2.3] OSSM-2308 - add root CA certificates to kiali container OSSM-2315 - be able to customize openshift auth timeouts OSSM-2324 - Gateway injection does not work when pods are created by cluster admins OSSM-2335 - Potential hang using Traces scatterplot chart OSSM-2338 - Federation deployment does not need router mode sni-dnat OSSM-2344 - Restarting istiod causes Kiali to flood CRI-O with port-forward requests OSSM-2375 - Istiod should log member namespaces on every update OSSM-2376 - ServiceMesh federation stops working after the restart of istiod pod OSSM-535 - Support validationMessages in SMCP OSSM-827 - ServiceMeshMembers point to wrong SMCP name

    1. Description:

    Red Hat Advanced Cluster Management for Kubernetes 2.6.3 images

    Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Bugs fixed (https://bugzilla.redhat.com/):

    2129679 - clusters belong to global clusterset is not selected by placement when rescheduling 2134609 - CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function 2139085 - RHACM 2.6.3 images 2149181 - CVE-2022-41912 crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements

    The following advisory data is extracted from:

    https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0254.json

    Red Hat officially shut down its mailing list notifications on October 10, 2023. Because of this, Packet Storm has recreated the data below as a reference point to raise awareness. Note that, because revision updates cannot easily be tracked without crawling Red Hat's archive, these advisories are single notifications; we strongly suggest that you visit the Red Hat links provided to ensure you have the latest information if the subject matter pertains to your environment.

    Description:

    The rsync utility enables users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences between files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202208-0404",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "macos",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "12.6.1"
          },
          {
            "model": "network security",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "stormshield",
            "version": "4.3.16"
          },
          {
            "model": "ipados",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "15.7.1"
          },
          {
            "model": "h700s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "model": "watchos",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "9.1"
          },
          {
            "model": "hci compute node",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "management services for element software",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "macos",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "12.0.0"
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "37"
          },
          {
            "model": "macos",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "11.7.1"
          },
          {
            "model": "network security",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "stormshield",
            "version": "3.7.31"
          },
          {
            "model": "oncommand workflow automation",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "storagegrid",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "network security",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "stormshield",
            "version": "3.11.22"
          },
          {
            "model": "network security",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "stormshield",
            "version": "4.3.0"
          },
          {
            "model": "active iq unified manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "network security",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "stormshield",
            "version": "3.11.0"
          },
          {
            "model": "h300s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "ontap select deploy administration utility",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "iphone os",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "15.7.1"
          },
          {
            "model": "network security",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "stormshield",
            "version": "4.6.0"
          },
          {
            "model": "iphone os",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "16.0"
          },
          {
            "model": "iphone os",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "16.1"
          },
          {
            "model": "h500s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "36"
          },
          {
            "model": "network security",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "stormshield",
            "version": "4.6.3"
          },
          {
            "model": "hci",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "35"
          },
          {
            "model": "network security",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "stormshield",
            "version": "3.7.34"
          },
          {
            "model": "macos",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "11.0"
          },
          {
            "model": "zlib",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "zlib",
            "version": "1.2.12"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-37434"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.2.12",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "11.7.1",
                    "versionStartIncluding": "11.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "16.1",
                    "versionStartIncluding": "16.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "9.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.6.1",
                    "versionStartIncluding": "12.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "15.7.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "15.7.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.6.3",
                    "versionStartIncluding": "4.6.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.3.16",
                    "versionStartIncluding": "4.3.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.11.22",
                    "versionStartIncluding": "3.11.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.7.34",
                    "versionStartIncluding": "3.7.31",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-37434"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "173605"
          },
          {
            "db": "PACKETSTORM",
            "id": "173107"
          },
          {
            "db": "PACKETSTORM",
            "id": "170083"
          },
          {
            "db": "PACKETSTORM",
            "id": "170179"
          },
          {
            "db": "PACKETSTORM",
            "id": "170898"
          },
          {
            "db": "PACKETSTORM",
            "id": "170741"
          },
          {
            "db": "PACKETSTORM",
            "id": "170210"
          },
          {
            "db": "PACKETSTORM",
            "id": "170759"
          },
          {
            "db": "PACKETSTORM",
            "id": "170806"
          },
          {
            "db": "PACKETSTORM",
            "id": "170242"
          },
          {
            "db": "PACKETSTORM",
            "id": "176559"
          }
        ],
        "trust": 1.1
      },
      "cve": "CVE-2022-37434",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2022-37434",
                "trust": 1.0,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-37434"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nSecurity Fix(es):\n\n* github.com/Masterminds/vcs: Command Injection via argument injection\n(CVE-2022-21235)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html\n\n3. Solution:\n\nFor OpenShift Container Platform 4.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags. 
\n\nThe sha values for the release are\n\n(For x86_64 architecture)\nThe image digest is\nsha256:c6771b12bd873c0e3e5fbc7afa600d92079de6534dcb52f09cb1d22ee49608a9\n\n(For s390x architecture)\nThe image digest is\nsha256:622b5361f95d1d512ea84f363ac06155cbb9ee28e85ccaae1acd80b98b660fa8\n\n(For ppc64le architecture)\nThe image digest is\nsha256:50c131cf85dfb00f258af350a46b85eff8fb8084d3e1617520cd69b59caeaff7\n\n(For aarch64 architecture)\nThe image digest is\nsha256:9e575c4ece9caaf31acbef246ccad71959cd5bf634e7cb284b0849ddfa205ad7\n\nAll OpenShift Container Platform 4.11 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2215317 - CVE-2022-21235 github.com/Masterminds/vcs: Command Injection via argument injection\n\n5. JIRA issues fixed (https://issues.redhat.com/):\n\nOCPBUGS-15446 - (release-4.11) gather \"gateway-mode-config\" config map from \"openshift-network-operator\" namespace\nOCPBUGS-15532 - visiting Configurations page returns error Cannot read properties of undefined (reading \u0027apiGroup\u0027)\nOCPBUGS-15645 - Can\u0027t use git lfs in BuildConfig git source with strategy Docker\nOCPBUGS-15739 - Environment cannot find Python\nOCPBUGS-15758 - [release-4.11] Bump Jenkins and Jenkins Agent Base image versions\nOCPBUGS-15942 - 9% of OKD tests failing on error: tag latest failed: Internal error occurred: registry.centos.org/dotnet/dotnet-31-centos7:latest: Get \"https://registry.centos.org/v2/\": dial tcp: lookup registry.centos.org on 172.30.0.10:53: no such host\nOCPBUGS-15966 - [4.12] MetalLB contains incorrect data Correct and incorrect MetalLB resources coexist should have correct statuses\n\n6. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update\nAdvisory ID:       RHSA-2023:3742-02\nProduct:           Red Hat OpenShift Data Foundation\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2023:3742\nIssue date:        2023-06-21\nCVE Names:         CVE-2015-20107 CVE-2018-25032 CVE-2020-10735 \n                   CVE-2020-16250 CVE-2020-16251 CVE-2020-17049 \n                   CVE-2021-3765 CVE-2021-3807 CVE-2021-4231 \n                   CVE-2021-4235 CVE-2021-4238 CVE-2021-28861 \n                   CVE-2021-43519 CVE-2021-43998 CVE-2021-44531 \n                   CVE-2021-44532 CVE-2021-44533 CVE-2021-44964 \n                   CVE-2021-46828 CVE-2021-46848 CVE-2022-0670 \n                   CVE-2022-1271 CVE-2022-1304 CVE-2022-1348 \n                   CVE-2022-1586 CVE-2022-1587 CVE-2022-2309 \n                   CVE-2022-2509 CVE-2022-2795 CVE-2022-2879 \n                   CVE-2022-2880 CVE-2022-3094 CVE-2022-3358 \n                   CVE-2022-3515 CVE-2022-3517 CVE-2022-3715 \n                   CVE-2022-3736 CVE-2022-3821 CVE-2022-3924 \n                   CVE-2022-4415 CVE-2022-21824 CVE-2022-23540 \n                   CVE-2022-23541 CVE-2022-24903 CVE-2022-26280 \n                   CVE-2022-27664 CVE-2022-28805 CVE-2022-29154 \n                   CVE-2022-30635 CVE-2022-31129 CVE-2022-32189 \n                   CVE-2022-32190 CVE-2022-33099 CVE-2022-34903 \n                   CVE-2022-35737 CVE-2022-36227 CVE-2022-37434 \n                   CVE-2022-38149 CVE-2022-38900 CVE-2022-40023 \n                   CVE-2022-40303 CVE-2022-40304 CVE-2022-40897 \n                   CVE-2022-41316 CVE-2022-41715 CVE-2022-41717 \n                   CVE-2022-41723 CVE-2022-41724 CVE-2022-41725 \n                   CVE-2022-42010 
CVE-2022-42011 CVE-2022-42012 \n                   CVE-2022-42898 CVE-2022-42919 CVE-2022-43680 \n                   CVE-2022-45061 CVE-2022-45873 CVE-2022-46175 \n                   CVE-2022-47024 CVE-2022-47629 CVE-2022-48303 \n                   CVE-2022-48337 CVE-2022-48338 CVE-2022-48339 \n                   CVE-2023-0361 CVE-2023-0620 CVE-2023-0665 \n                   CVE-2023-2491 CVE-2023-22809 CVE-2023-24329 \n                   CVE-2023-24999 CVE-2023-25000 CVE-2023-25136 \n=====================================================================\n\n1. Summary:\n\nUpdated images that include numerous enhancements, security, and bug fixes\nare now available in Red Hat Container Registry for Red Hat OpenShift Data\nFoundation 4.13.0 on Red Hat Enterprise Linux 9. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Data Foundation is software-defined storage integrated\nwith and optimized for the Red Hat OpenShift Container Platform. Red Hat\nOpenShift Data Foundation is a highly scalable, production-grade persistent\nstorage for stateful applications running in the Red Hat OpenShift\nContainer Platform. In addition to persistent storage, Red Hat OpenShift\nData Foundation provisions a multicloud data management service with an S3\ncompatible API. 
\n\nSecurity Fix(es):\n\n* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as\nrandom as they should be (CVE-2021-4238)\n\n* decode-uri-component: improper input validation resulting in DoS\n(CVE-2022-38900)\n\n* vault: Hashicorp Vault AWS IAM Integration Authentication Bypass\n(CVE-2020-16250)\n\n* vault: GCP Auth Method Allows Authentication Bypass (CVE-2020-16251)\n\n* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching\nANSI escape codes (CVE-2021-3807)\n\n* go-yaml: Denial of Service in go-yaml (CVE-2021-4235)\n\n* vault: incorrect policy enforcement (CVE-2021-43998)\n\n* nodejs: Improper handling of URI Subject Alternative Names\n(CVE-2021-44531)\n\n* nodejs: Certificate Verification Bypass via String Injection\n(CVE-2021-44532)\n\n* nodejs: Incorrect handling of certificate subject and issuer fields\n(CVE-2021-44533)\n\n* golang: archive/tar: unbounded memory consumption when reading headers\n(CVE-2022-2879)\n\n* golang: net/http/httputil: ReverseProxy should not forward unparseable\nquery parameters (CVE-2022-2880)\n\n* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)\n\n* jsonwebtoken: Insecure default algorithm in jwt.verify() could lead to\nsignature validation bypass (CVE-2022-23540)\n\n* jsonwebtoken: Insecure implementation of key retrieval function could\nlead to Forgeable Public/Private Tokens from RSA to HMAC (CVE-2022-23541)\n\n* golang: net/http: handle server errors after sending GOAWAY\n(CVE-2022-27664)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/url: JoinPath does not strip relative path components in all\ncircumstances (CVE-2022-32190)\n\n* consul: Consul Template May Expose Vault Secrets When Processing Invalid\nInput (CVE-2022-38149)\n\n* vault: insufficient certificate revocation list checking (CVE-2022-41316)\n\n* golang: regexp/syntax: limit memory used by parsing regexps\n(CVE-2022-41715)\n\n* golang: net/http: excessive memory 
growth in a Go server accepting HTTP/2\nrequests (CVE-2022-41717)\n\n* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK\ndecoding (CVE-2022-41723)\n\n* golang: crypto/tls: large handshake records may cause panics\n(CVE-2022-41724)\n\n* golang: net/http, mime/multipart: denial of service from excessive\nresource consumption (CVE-2022-41725)\n\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n\n* vault: Vault\u2019s Microsoft SQL Database Storage Backend Vulnerable to SQL\nInjection Via Configuration File (CVE-2023-0620)\n\n* hashicorp/vault: Vault\u2019s PKI Issuer Endpoint Did Not Correctly Authorize\nAccess to Issuer Metadata (CVE-2023-0665)\n\n* Hashicorp/vault: Vault Fails to Verify if Approle SecretID Belongs to\nRole During a Destroy Operation (CVE-2023-24999)\n\n* hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations\n(CVE-2023-25000)\n\n* validator: Inefficient Regular Expression Complexity in Validator.js\n(CVE-2021-3765)\n\n* nodejs: Prototype pollution via console.table properties (CVE-2022-21824)\n\n* golang: math/big: decoding big.Float and big.Rat types can panic if the\nencoded message is too short, potentially allowing a denial of service\n(CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nThese updated images include numerous enhancements and bug fixes. Space\nprecludes documenting all of these changes in this advisory. Users are\ndirected to the Red Hat OpenShift Data Foundation Release Notes for\ninformation on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these\nupdated images that provide numerous bug fixes and enhancements. 
\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1786696 - UI-\u003eDashboards-\u003eOverview-\u003eAlerts shows MON components are at different versions, though they are NOT\n1855339 - Wrong version of ocs-storagecluster\n1943137 - [Tracker for BZ #1945618] rbd: Storage is not reclaimed after persistentvolumeclaim and job that utilized it are deleted\n1944687 - [RFE] KMS server connection lost alert\n1989088 - [4.8][Multus] UX experience issues and enhancements\n2005040 - Uninstallation of ODF StorageSystem via OCP Console fails, gets stuck in Terminating state\n2005830 - [DR] DRPolicy resource should not be editable after creation\n2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes\n2028193 - CVE-2021-43998 vault: incorrect policy enforcement\n2040839 - CVE-2021-44531 nodejs: Improper handling of URI Subject Alternative Names\n2040846 - CVE-2021-44532 nodejs: Certificate Verification Bypass via String Injection\n2040856 - CVE-2021-44533 nodejs: Incorrect handling of certificate subject and issuer fields\n2040862 - CVE-2022-21824 nodejs: Prototype pollution via console.table properties\n2042914 - [Tracker for BZ #2013109] [UI] Refreshing web console from the pop-up is taking to Install Operator page. 
\n2052252 - CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824 [CVE] nodejs: various flaws [openshift-data-foundation-4]\n2101497 - ceph_mon_metadata metrics are not collected properly\n2101916 - must-gather is not collecting ceph logs or coredumps\n2102304 - [GSS] Remove the entry of removed node from Storagecluster under Node Topology\n2104148 - route ocs-storagecluster-cephobjectstore misconfigured to use http and https on same http route in haproxy.config\n2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service\n2115020 - [RDR] Sync schedule is not removed from mirrorpeer yaml after DR Policy is deleted\n2115616 - [GSS] failing to change ownership of the NFS based PVC for PostgreSQL pod by using kube_pv_chown utility\n2119551 - CVE-2022-38149 consul: Consul Template May Expose Vault Secrets When Processing Invalid Input\n2120098 - [RDR] Even before an action gets fully completed, PeerReady and Available are reported as True in the DRPC yaml\n2120944 - Large Omap  objects found in pool \u0027ocs-storagecluster-cephfilesystem-metadata\u0027\n2124668 - CVE-2022-32190 golang: net/url: JoinPath does not strip relative path components in all circumstances\n2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY\n2126299 - CVE-2021-3765 validator: Inefficient Regular Expression Complexity in Validator.js\n2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers\n2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters\n2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps\n2134609 - CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function\n2135339 - CVE-2022-41316 vault: insufficient certificate revocation 
list checking\n2139037 - [cee/sd]Unable to access s3 via RGW route ocs-storagecluster-cephobjectstore\n2141095 - [RDR] Storage System page on ACM Hub is visible even when data observability is not enabled\n2142651 - RFE: OSDs need ability to bind to a service IP instead of the pod IP to support RBD mirroring in OCP clusters\n2142894 - Credentials are ignored when creating a Backing/Namespace store after prompted to enter a name for the resource\n2142941 - RGW cloud Transition. HEAD/GET requests to MCG are failing with 403 error\n2143944 - [GSS] unknown parameter name \"FORCE_OSD_REMOVAL\"\n2144256 - [RDR] [UI] DR Application applied to a single DRPolicy starts showing connected to multiple policies due to console flickering\n2151903 - [MCG] Azure bs/ns creation fails with target bucket does not exists\n2152143 - [Noobaa Clone] Secrets are used in env variables\n2154250 - NooBaa Bucket Quota alerts are not working\n2155507 - RBD reclaimspace job fails when the PVC is not mounted\n2155743 - ODF Dashboard fails to load\n2156067 - [RDR] [UI] When Peer Ready isn\u0027t True, UI doesn\u0027t reset the error message even when no subscription group is selected\n2156069 - [UI] Instances of OCS can be seen on BlockPool action modals\n2156263 - CVE-2022-46175 json5: Prototype Pollution in JSON5 via Parse Method\n2156519 - 4.13: odf-csi-addons-operator failed with OwnNamespace InstallModeType not supported\n2156727 - CVE-2021-4235 go-yaml: Denial of Service in go-yaml\n2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be\n2157876 - [OCP Tracker] [UI] When OCP and ODF are upgraded, refresh web console pop-up doesn\u0027t appear after ODF upgrade resulting in dashboard crash\n2158922 - Namespace store fails to get created via the ODF UI\n2159676 - rbd-mirror logs are rotated very frequently,  increase the default maxlogsize for rbd-mirror\n2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go 
server accepting HTTP/2 requests\n2161879 - logging issue when deleting webhook resources\n2161937 - collect kernel and journal logs from all worker nodes\n2162257 - [RDR][CEPHFS] sync/replication is getting stopped for some pvc\n2164617 - Unable to expand ocs-storagecluster-ceph-rbd  PVCs provisioned in Filesystem mode\n2165495 - Placement scheduler is using too much resources\n2165504 - Sizer sharing link is broken\n2165929 - [RFE] ODF bluewash introduction in 4.12.x\n2165938 - ocs-operator CSV is missing disconnected env annotation. \n2165984 - [RDR] Replication stopped for images is represented with incorrect color\n2166222 - CSV is missing disconnected env annotation and relatedImages spec\n2166234 - Application user unable to invoke Failover and Relocate actions\n2166869 - Match the version of consoleplugin to odf operator\n2167299 - [RFE] ODF bluewash introduction in 4.12.x\n2167308 - [mcg-clone] Security and VA issues with ODF operator\n2167337 - CVE-2020-16250 vault: Hashicorp Vault AWS IAM Integration Authentication Bypass\n2167340 - CVE-2020-16251 vault: GCP Auth Method Allows Authentication Bypass\n2167946 - CSV is missing disconnected env annotation and relatedImages spec\n2168113 - [Ceph Tracker BZ #2141110] [cee/sd][Bluestore] Newly deployed bluestore OSD\u0027s showing high fragmentation score\n2168635 - fix redirect link to operator details page (OCS dashboard)\n2168840 - [Fusion-aaS][ODF 4.13]Within \u0027prometheus-ceph-rules\u0027 the namespace for \u0027rook-ceph-mgr\u0027 jobs should be configurable. 
\n2168849 - Must-gather doesn\u0027t collect coredump logs crucial for OSD crash events\n2169375 - CVE-2022-23541 jsonwebtoken: Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC\n2169378 - CVE-2022-23540 jsonwebtoken: Insecure default algorithm in jwt.verify() could lead to signature validation bypass\n2169779 - [vSphere]: rook-ceph-mon-* pvc are in pending state\n2170644 - CVE-2022-38900 decode-uri-component: improper input validation resulting in DoS\n2170673 - [RDR] Different replication states of PVC images aren\u0027t correctly distinguished and representated on UI\n2172089 - [Tracker for Ceph BZ 2174461] rook-ceph-nfs pod is stuck at status \u0027CreateContainerError\u0027 after enabling NFS in ODF 4.13\n2172365 - [csi-addons] odf-csi-addons-operator oomkilled with fresh installation 4.12\n2172521 - No OSD pods are created for 4.13 LSO deployment\n2173161 - ODF-console can not start when you disable IPv6 on Node with kernel parameter. 
\n2173528 - Creation of OCS operator tag automatically for verified commits\n2173534 - When on StorageSystem details click on History back btn it shows blank body\n2173926 - [RFE] Include changes in MCG for new Ceph RGW transition headers\n2175612 - noobaa-core-0 crashing and storagecluster not getting to ready state during ODF deployment with FIPS enabled in 4.13cluster\n2175685 - RGW OBC creation via the UI is blocked by \"Address form errors to proceed\" error\n2175714 - UI fix- capitalization\n2175867 - Rook sets cephfs kernel mount options even when mon is using v1 port\n2176080 - odf must-gather should collect output of oc get hpa -n openshift-storage\n2176456 - [RDR] ramen-hub-operator and ramen-dr-cluster-operator is going into CLBO post deployment\n2176739 - [UI] CSI Addons operator icon is broken\n2176776 - Enable save options only when the protected apps has labels for manage DRPolicy\n2176798 - [IBM Z ] Multi Cluster Orchestrator operator is not available in the Operator Hub\n2176809 - [IBM Z ] DR operator is not available in the Operator Hub\n2177134 - Next button if disabled for storage system deployment flow for IBM Ceph Storage security and network step when there is no OCS installed already\n2177221 - Enable DR dashboard only when ACM observability is enabled\n2177325 - Noobaa-db pod is taking longer time to start up in ODF 4.13\n2177695 - DR dashbaord showing incorrect RPO data\n2177844 - CVE-2023-24999 Hashicorp/vault: Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation\n2178033 - node topology warnings tab doesn\u0027t show pod warnings\n2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding\n2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption\n2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics\n2178588 - No rack names on ODF Topology\n2178619 - odf-operator failing to 
resolve its sub-dependencies leaving the ocs-consumer/provider addon in a failed and halted state\n2178682 - [GSS] Add the valid AWS GovCloud regions in OCS UI. \n2179133 - [UI] A blank page appears while selecting Storage Pool for creating Encrypted Storage Class\n2179337 - Invalid storage system href link on the ODF multicluster dashboard\n2179403 - (4.13) Mons are failing to start when msgr2 is required with RHCS 6.1\n2179846 - [IBM Z] In RHCS external mode Cephobjectstore creation fails as it reports that the \"object store name cannot be longer than 38 characters\"\n2179860 - [MCG] Bucket replication with deletion sync isn\u0027t complete\n2179976 - [ODF 4.13] Missing the status-reporter binary causing pods \"report-status-to-provider\" remain in CreateContainerError on ODF to ODF cluster on ROSA\n2179981 - ODF Topology search bar mistakes to find searched node/pod\n2179997 - Topology. Exit full screen does not appear in Full screen mode\n2180211 - StorageCluster stuck in progressing state for Thales KMS deployment\n2180397 - Last sync time is missing on application set\u0027s disaster recovery status popover\n2180440 - odf-monitoring-tool. YAML file misjudged as corrupted\n2180921 - Deployment with external cluster in ODF 4.13 with unable to use cephfs as backing store for image_registry\n2181112 - [RDR] [UI] Hide disable DR functionality as it would be un-tested in 4.13\n2181133 - CI: backport E2E job improvements\n2181446 - [KMS][UI] PVC provisioning failed in case of vault kubernetes authentication is configured. 
\n2181535 - [GSS] Object storage in degraded state\n2181551 - Build: move to \u0027dependencies\u0027 the ones required for running a build\n2181832 - Create OBC via UI, placeholder on StorageClass dropped\n2181949 - [ODF Tracker] [RFE] Catch MDS damage to the dentry\u0027s first snapid\n2182041 - OCS-Operator expects NooBaa CRDs to be present on the cluster when installed directly without ODF Operator\n2182296 - [Fusion-aaS][ODF 4.13]must-gather does not collect relevant logs when storage cluster is not in openshift-storage namespace\n2182375 - [MDR] Not able to fence DR clusters\n2182644 - [IBM Z] MDR policy creation fails unless the ocs-operator pod is restarted on the managed clusters\n2182664 - Topology view should hide the sidebar when changing levels\n2182703 - [RDR] After upgrading from 4.12.2 to 4.13.0 version.odf.openshift.io cr is not getting updated with latest ODF version\n2182972 - CVE-2023-25000 hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations\n2182981 - CVE-2023-0665 hashicorp/vault: Vault\u0027s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata\n2183155 - failed to mount the the cephfs subvolume as subvolumegroup name is not sent in the GetStorageConfig RPC call\n2183196 - [Fusion-aaS] Collect Must-gather logs from the managed-fusion agent namesapce\n2183266 - [Fusion aaS Rook ODF 4.13]] Rook-ceph-operator pod should allow OBC CRDs to be optional instead of causing a crash when not present\n2183457 - [RDR] when running any ceph cmd we see error 2023-03-31T08:25:31.844+0000 7f8deaffd640 -1 monclient(hunting): handle_auth_bad_method server allowed_methods [2] but i only support [2,1]\n2183478 - [MDR][UI] Cannot relocate subscription based apps, Appset based apps are possible to relocate\n2183520 - [Fusion-aaS] csi-cephfs-plugin pods are not created after installing ocs-client-operator\n2184068 - [Fusion-aaS] Failed to mount CephFS volumes while creating pods\n2184605 - [ODF 4.13][Fusion-aaS] OpenShift Data 
Foundation Client operator is listed in OperatorHub and installable from UI\n2184663 - CVE-2023-0620 vault: Vault\u0027s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File\n2184769 - {Fusion-aaS][ODF 4.13]Remove storageclassclaim cr and create new cr storageclass request cr\n2184773 - multicluster-orchestrator should not reset spec.network.multiClusterService.Enabled field added by user\n2184892 - Don\u0027t pass encryption options to ceph cluster in odf external mode to provider/consumer cluster\n2184984 - Topology Sidebar alerts panel: alerts accordion does not toggle when clicking on alert severity text\n2185164 - [KMS][VAULT] PVC provisioning is failing when the Vault (HCP) Kubernetes authentication is set. \n2185188 - Fix storagecluster watch request for OCSInitialization\n2185757 - add NFS dashboard\n2185871 - [MDR][ACM-Tracker] Deleting an Appset based application does not delete its placement\n2186171 - [GSS] \"disableLoadBalancerService: true\" config is reconciled after modifying the number of NooBaa endpoints\n2186225 - [RDR] when running any ceph cmd we see error 2023-03-31T08:25:31.844+0000 7f8deaffd640 -1 monclient(hunting): handle_auth_bad_method server allowed_methods [2] but i only support [2,1]\n2186475 - handle different network connection spec \u0026 Pass appropriate options for all the cases of Network Spec\n2186752 - [translations] add translations for 4.13\n2187251 - sync ocs and odf with the latest rook\n2187296 - [MCG] Can\u0027t opt out of deletions sync once log-based replication with deletions sync is set\n2187736 - [RDR] Replication history graph is showing incorrect value\n2187952 - When cluster controller is cancelled frequently, multiple simultaneous controllers cause issues since need to wait for shutdown before continuing new controller\n2187969 - [ODFMS-Migration ] [OCS Client Operator] csi-rbdplugin stuck in ImagePullBackOff on consumer clusters after Migration\n2187986 - [MDR] 
ramen-dr-cluster-operator pod is in CLBO after assigning dr policy to an appset based app\n2188053 - ocs-metrics-exporter cannot list/watch StorageCluster, StorageClass, CephBlockPool and other resources\n2188238 - [RDR] Avoid using the terminologies \"SLA\"  in DR dashbaord\n2188303 - [RDR] Maintenance mode is not enabled after initiating failover action\n2188427 - [External mode upgrade]: Upgrade from 4.12 -\u003e 4.13 external mode is failing because rook-ceph-operator is not reaching clean state\n2188666 - wrong label in new storageclassrequest cr\n2189483 - After upgrade noobaa-db-pg-0 pod using old image in one of container\n2189929 - [RDR/MDR] [UI] Dashboard fon size are very uneven\n2189982 - [RDR] ocs_rbd_client_blocklisted datapoints and the corresponding alert is not getting generated\n2189984 - [KMS][VAULT] Storage cluster remains in \u0027Progressing\u0027 state during deployment with storage class encryption, despite all pods being up and running. \n2190129 - OCS Provider Server logs are incorrect\n2190241 - nfs metric details are unavailable and server health is displaying as \"Degraded\" under Network file system tab in UI\n2192088 - [IBM P] rbd_default_map_options value not set to ms_mode=secure in in-transit encryption enabled ODF cluster\n2192670 - Details tab for nodes inside Topology throws \"Something went wrong\" on IBM Power platform\n2192824 - [4.13] Fix Multisite in external cluster\n2192875 - Enable ceph-exporter in rook\n2193114 - MCG replication is failing due to OC binary incompatible on Power platform\n2193220 - [Stretch cluster] CephCluster is updated frequently due to changing ordering of zones\n2196176 - MULTUS UI, There is no option to change the multus configuration after we configure the params\n2196236 - [RDR] With ACM 2.8 User is not able to apply Drpolicy to subscription workload\n2196298 - [RDR] DRPolicy doesn\u0027t show connected application when subscription based workloads are deployed via CLI\n2203795 - ODF Monitoring 
is missing some of the ceph_* metric values\n2208029 - nfs server health is always displaying as \"Degraded\" under Network file system tab in UI. \n2208079 - rbd mirror daemon is commonly not upgraded\n2208269 - [RHCS Tracker] After add capacity the rebalance does not complete, and we see 2 PGs in  active+clean+scrubbing and 1  active+clean+scrubbing+deep\n2208558 - [MDR] ramen-dr-cluster-operator pod crashes during failover\n2208962 - [UI] ODF Topology. Degraded cluster don\u0027t show red canvas on cluster level\n2209364 - ODF dashboard crashes when OCP and ODF are upgraded\n2209643 - Multus, Cephobjectstore stuck on Progressing state because \" failed to create or retrieve rgw admin ops user\"\n2209695 - When collecting Must-gather logs shows /usr/bin/gather_ceph_resources: line 341: jq: command not found\n2210964 - [UI][MDR] After hub recovery in overview tab of data policies Application set apps count is not showing\n2211334 - The replication history graph is very unclear\n2211343 - [MCG-Only]: upgrade failed from 4.12 to 4.13 due to missing CSI_ENABLE_READ_AFFINITY in ConfigMap openshift-storage/ocs-operator-config\n2211704 - Multipart uploads fail to a Azure namespace bucket when user MD is sent as part of the upload\n\n5. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-20107\nhttps://access.redhat.com/security/cve/CVE-2018-25032\nhttps://access.redhat.com/security/cve/CVE-2020-10735\nhttps://access.redhat.com/security/cve/CVE-2020-16250\nhttps://access.redhat.com/security/cve/CVE-2020-16251\nhttps://access.redhat.com/security/cve/CVE-2020-17049\nhttps://access.redhat.com/security/cve/CVE-2021-3765\nhttps://access.redhat.com/security/cve/CVE-2021-3807\nhttps://access.redhat.com/security/cve/CVE-2021-4231\nhttps://access.redhat.com/security/cve/CVE-2021-4235\nhttps://access.redhat.com/security/cve/CVE-2021-4238\nhttps://access.redhat.com/security/cve/CVE-2021-28861\nhttps://access.redhat.com/security/cve/CVE-2021-43519\nhttps://access.redhat.com/security/cve/CVE-2021-43998\nhttps://access.redhat.com/security/cve/CVE-2021-44531\nhttps://access.redhat.com/security/cve/CVE-2021-44532\nhttps://access.redhat.com/security/cve/CVE-2021-44533\nhttps://access.redhat.com/security/cve/CVE-2021-44964\nhttps://access.redhat.com/security/cve/CVE-2021-46828\nhttps://access.redhat.com/security/cve/CVE-2021-46848\nhttps://access.redhat.com/security/cve/CVE-2022-0670\nhttps://access.redhat.com/security/cve/CVE-2022-1271\nhttps://access.redhat.com/security/cve/CVE-2022-1304\nhttps://access.redhat.com/security/cve/CVE-2022-1348\nhttps://access.redhat.com/security/cve/CVE-2022-1586\nhttps://access.redhat.com/security/cve/CVE-2022-1587\nhttps://access.redhat.com/security/cve/CVE-2022-2309\nhttps://access.redhat.com/security/cve/CVE-2022-2509\nhttps://access.redhat.com/security/cve/CVE-2022-2795\nhttps://access.redhat.com/security/cve/CVE-2022-2879\nhttps://access.redhat.com/security/cve/CVE-2022-2880\nhttps://access.redhat.com/security/cve/CVE-2022-3094\nhttps://access.redhat.com/security/cve/CVE-2022-3358\nhttps://access.redhat.com/security/cve/CVE-2022-3515\nhttps://access.redhat.com/security/cve/CVE-2022-3517\nhttps://access.redhat.com/security/cve/CVE-2022-3715\nhttps://access.redhat.com/
security/cve/CVE-2022-3736\nhttps://access.redhat.com/security/cve/CVE-2022-3821\nhttps://access.redhat.com/security/cve/CVE-2022-3924\nhttps://access.redhat.com/security/cve/CVE-2022-4415\nhttps://access.redhat.com/security/cve/CVE-2022-21824\nhttps://access.redhat.com/security/cve/CVE-2022-23540\nhttps://access.redhat.com/security/cve/CVE-2022-23541\nhttps://access.redhat.com/security/cve/CVE-2022-24903\nhttps://access.redhat.com/security/cve/CVE-2022-26280\nhttps://access.redhat.com/security/cve/CVE-2022-27664\nhttps://access.redhat.com/security/cve/CVE-2022-28805\nhttps://access.redhat.com/security/cve/CVE-2022-29154\nhttps://access.redhat.com/security/cve/CVE-2022-30635\nhttps://access.redhat.com/security/cve/CVE-2022-31129\nhttps://access.redhat.com/security/cve/CVE-2022-32189\nhttps://access.redhat.com/security/cve/CVE-2022-32190\nhttps://access.redhat.com/security/cve/CVE-2022-33099\nhttps://access.redhat.com/security/cve/CVE-2022-34903\nhttps://access.redhat.com/security/cve/CVE-2022-35737\nhttps://access.redhat.com/security/cve/CVE-2022-36227\nhttps://access.redhat.com/security/cve/CVE-2022-37434\nhttps://access.redhat.com/security/cve/CVE-2022-38149\nhttps://access.redhat.com/security/cve/CVE-2022-38900\nhttps://access.redhat.com/security/cve/CVE-2022-40023\nhttps://access.redhat.com/security/cve/CVE-2022-40303\nhttps://access.redhat.com/security/cve/CVE-2022-40304\nhttps://access.redhat.com/security/cve/CVE-2022-40897\nhttps://access.redhat.com/security/cve/CVE-2022-41316\nhttps://access.redhat.com/security/cve/CVE-2022-41715\nhttps://access.redhat.com/security/cve/CVE-2022-41717\nhttps://access.redhat.com/security/cve/CVE-2022-41723\nhttps://access.redhat.com/security/cve/CVE-2022-41724\nhttps://access.redhat.com/security/cve/CVE-2022-41725\nhttps://access.redhat.com/security/cve/CVE-2022-42010\nhttps://access.redhat.com/security/cve/CVE-2022-42011\nhttps://access.redhat.com/security/cve/CVE-2022-42012\nhttps://access.redhat.com/security/cve/CVE-2022-42
898\nhttps://access.redhat.com/security/cve/CVE-2022-42919\nhttps://access.redhat.com/security/cve/CVE-2022-43680\nhttps://access.redhat.com/security/cve/CVE-2022-45061\nhttps://access.redhat.com/security/cve/CVE-2022-45873\nhttps://access.redhat.com/security/cve/CVE-2022-46175\nhttps://access.redhat.com/security/cve/CVE-2022-47024\nhttps://access.redhat.com/security/cve/CVE-2022-47629\nhttps://access.redhat.com/security/cve/CVE-2022-48303\nhttps://access.redhat.com/security/cve/CVE-2022-48337\nhttps://access.redhat.com/security/cve/CVE-2022-48338\nhttps://access.redhat.com/security/cve/CVE-2022-48339\nhttps://access.redhat.com/security/cve/CVE-2023-0361\nhttps://access.redhat.com/security/cve/CVE-2023-0620\nhttps://access.redhat.com/security/cve/CVE-2023-0665\nhttps://access.redhat.com/security/cve/CVE-2023-2491\nhttps://access.redhat.com/security/cve/CVE-2023-22809\nhttps://access.redhat.com/security/cve/CVE-2023-24329\nhttps://access.redhat.com/security/cve/CVE-2023-24999\nhttps://access.redhat.com/security/cve/CVE-2023-25000\nhttps://access.redhat.com/security/cve/CVE-2023-25136\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBZJTCdtzjgjWX9erEAQg+Bw/8DMJst89ezTMnzgSKR5q+EzfkajgA1+hZ\npk9CcsCzrIISkbi+6uvkfRPe7hwHstigfswCsuh4d98lad20WKw9UUYMsFOQlGW5\nIzzxf5a1Uw/pdO/61f4k6Ze7E4gANneknQiiiUFpA4lF7RkuBoeWYoB12r+Y3O/t\nl8CGEVAk/DBn2WVc5PL7o7683A6tS8Z5FNpyPg2tvtpdYkr1cw2+L2mcBHpiAjUr\nS+Jaj5/qf8Z/TIZY7vvOqr6YCDrMnbZChbvYaPCwaRqbOb1RbGW++c9hEWKnaNbm\nXiIgTY4d75+y7afRFoc9INZ1SjvL7476LCABGXmEEocuwHRU7K4u4rGyOXzDz5xb\n3zgJO58oVr6RPHvpDsxoqOwEbhfdNpRpBcuuzAThe9w5Cnh45UnEU5sJKY/1U1qo\nUxBeMoFrrhUdrE4A1Gsr0GcImh6JDJXweIJe1C6FI9e3/J5HM7mR4Whznz+DslXL\nCNmmPWs5afjrrgVVaDuDYq3m7lwuCTODHRVSeWGrtyhnNc6RNtjJi9fumqavP07n\n8lc4v4c56lMVDpwQQkYMCJEzHrYDWeFDza9KdDbddvLtkoYXxJQiGwp0BZne1ArV\nlU3PstRRagnbV6yf/8LPSaSQZAVBnEe2YoF83gJbpFEhYimOCHS9BzC0qce7lypR\nvhbUlNurVkU=\n=4jwh\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nBug Fix(es):\n\n* Cloning a Block DV to VM with Filesystem with not big enough size comes\nto endless loop - using pvc api (BZ#2033191)\n\n* Restart of VM Pod causes SSH keys to be regenerated within VM\n(BZ#2087177)\n\n* Import gzipped raw file causes image to be downloaded and uncompressed to\nTMPDIR (BZ#2089391)\n\n* [4.11] VM Snapshot Restore hangs indefinitely when backed by a\nsnapshotclass (BZ#2098225)\n\n* Fedora version in DataImportCrons is not \u0027latest\u0027 (BZ#2102694)\n\n* [4.11] Cloned VM\u0027s snapshot restore fails if the source VM disk is\ndeleted (BZ#2109407)\n\n* CNV introduces a compliance check fail in \"ocp4-moderate\" profile -\nroutes-protected-by-tls (BZ#2110562)\n\n* Nightly build: v4.11.0-578: index format was changed in 4.11 to\nfile-based instead of sqlite-based (BZ#2112643)\n\n* Unable to start windows VMs on PSI setups (BZ#2115371)\n\n* [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity\nrestricted:v1.24 (BZ#2128997)\n\n* Mark Windows 11 as TechPreview (BZ#2129013)\n\n* 
4.11.1 rpms (BZ#2139453)\n\nThis advisory contains the following OpenShift Virtualization 4.11.1\nimages. \n\nRHEL-8-CNV-4.11\n\nvirt-cdi-operator-container-v4.11.1-5\nvirt-cdi-uploadserver-container-v4.11.1-5\nvirt-cdi-apiserver-container-v4.11.1-5\nvirt-cdi-importer-container-v4.11.1-5\nvirt-cdi-controller-container-v4.11.1-5\nvirt-cdi-cloner-container-v4.11.1-5\nvirt-cdi-uploadproxy-container-v4.11.1-5\ncheckup-framework-container-v4.11.1-3\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.1-7\nkubevirt-tekton-tasks-create-datavolume-container-v4.11.1-7\nkubevirt-template-validator-container-v4.11.1-4\nvirt-handler-container-v4.11.1-5\nhostpath-provisioner-operator-container-v4.11.1-4\nvirt-api-container-v4.11.1-5\nvm-network-latency-checkup-container-v4.11.1-3\ncluster-network-addons-operator-container-v4.11.1-5\nvirtio-win-container-v4.11.1-4\nvirt-launcher-container-v4.11.1-5\novs-cni-marker-container-v4.11.1-5\nhyperconverged-cluster-webhook-container-v4.11.1-7\nvirt-controller-container-v4.11.1-5\nvirt-artifacts-server-container-v4.11.1-5\nkubevirt-tekton-tasks-modify-vm-template-container-v4.11.1-7\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.11.1-7\nlibguestfs-tools-container-v4.11.1-5\nhostpath-provisioner-container-v4.11.1-4\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.1-7\nkubevirt-tekton-tasks-copy-template-container-v4.11.1-7\ncnv-containernetworking-plugins-container-v4.11.1-5\nbridge-marker-container-v4.11.1-5\nvirt-operator-container-v4.11.1-5\nhostpath-csi-driver-container-v4.11.1-4\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.11.1-7\nkubemacpool-container-v4.11.1-5\nhyperconverged-cluster-operator-container-v4.11.1-7\nkubevirt-ssp-operator-container-v4.11.1-4\novs-cni-plugin-container-v4.11.1-5\nkubevirt-tekton-tasks-cleanup-vm-container-v4.11.1-7\nkubevirt-tekton-tasks-operator-container-v4.11.1-2\ncnv-must-gather-container-v4.11.1-8\nkubevirt-console-plugin-container-v4.11.1-9\nhco-bundle-registry-
container-v4.11.1-49\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects\n2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS\n2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-3293 - log-file-metric-exporter container has not limits exhausting the resources of the node\n\n6. Description:\n\nSubmariner enables direct networking between pods and services on different\nKubernetes clusters that are either on-premises or in the cloud. \n\nFor more information about Submariner, see the Submariner open source\ncommunity website at: https://submariner.io/. \n\nSecurity fixes:\n\n* CVE-2022-27664 golang: net/http: handle server errors after sending\nGOAWAY\n* CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward\nunparseable query parameters\n* CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing\nregexps\n* CVE-2022-41717 golang: net/http: An attacker can cause excessive memory\ngrowth in a Go server accepting HTTP/2 requests\n\nBugs addressed:\n\n* subctl diagnose firewall metrics does not work on merged kubeconfig (BZ#\n2013711)\n* [Submariner] - Fails to increase gateway amount after deployment (BZ#\n2097381)\n* Submariner gateway node does not get deleted with subctl cloud cleanup\ncommand (BZ# 2108634)\n* submariner GW pods are unable to resolve the DNS of the Broker K8s API\nURL (BZ# 2119362)\n* Submariner gateway node does not get deployed after applying\nManagedClusterAddOn on Openstack (BZ# 2124219)\n* unable to run subctl benchmark latency, pods fail with ImagePullBackOff\n(BZ# 2130326)\n* [IBM Z] - Submariner addon unistallation doesnt work from ACM console\n(BZ# 2136442)\n* Tags on AWS security group for gateway node break cloud-controller\nLoadBalancer (BZ# 2139477)\n* RHACM - Submariner: UI support for 
OpenStack #19297 (ACM-1242)\n* Submariner OVN support (ACM-1358)\n* Submariner Azure Console support (ACM-1388)\n* ManagedClusterSet consumers migrate to v1beta2 (ACM-1614)\n* Submariner on disconnected ACM #22000 (ACM-1678)\n* Submariner gateway: Error creating AWS security group if already exists\n(ACM-2055)\n* Submariner gateway security group in AWS not deleted when uninstalling\nsubmariner (ACM-2057)\n* The submariner-metrics-proxy pod pulls an image with wrong naming\nconvention (ACM-2058)\n* The submariner-metrics-proxy pod is not part of the Agent readiness check\n(ACM-2067)\n* Subctl 0.14.0 prints version \"vsubctl\" (ACM-2132)\n* managedclusters \"local-cluster\" not found and missing Submariner Broker\nCRD (ACM-2145)\n* Add support of ARO to Submariner deployment (ACM-2150)\n* The e2e tests execution fails for \"Basic TCP connectivity\" tests\n(ACM-2204)\n* Gateway error shown \"diagnose all\" tests (ACM-2206)\n* Submariner does not support cluster \"kube-proxy ipvs mode\"(ACM-2211)\n* Vsphere cluster shows Pod Security admission controller warnings\n(ACM-2256)\n* Cannot use submariner with OSP and self signed certs (ACM-2274)\n* Subctl diagnose tests spawn nettest image with wrong tag nameing\nconvention (ACM-2387)\n* Subctl 0.14.1 prints version \"devel\" (ACM-2482)\n\n3. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n2013711 - subctl diagnose firewall metrics does not work on merged kubeconfig\n2097381 - [Submariner] - Fails to increase gateway amount after deployment\n2108634 - Submariner gateway node does not get deleted with subctl cloud cleanup command\n2119362 - submariner GW pods are unable to resolve the DNS of the Broker K8s API URL\n2124219 - Submariner gateway node does not get deployed after applying ManagedClusterAddOn on Openstack\n2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY\n2130326 - unable to run subctl benchmark latency, pods fail with ImagePullBackOff\n2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters\n2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps\n2136442 - [IBM Z] - Submariner addon unistallation doesnt work from ACM console\n2139477 - Tags on AWS security group for gateway node break cloud-controller LoadBalancer\n2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests\n\n5. 
JIRA issues fixed (https://issues.jboss.org/):\n\nACM-1614 - ManagedClusterSet consumers migrate to v1beta2 (Submariner)\nACM-2055 - Submariner gateway: Error creating AWS security group if already exists\nACM-2057 - [Submariner] - submariner gateway security group in aws not deleted when uninstalling submariner\nACM-2058 - [Submariner] - The submariner-metrics-proxy pod pulls an image with wrong naming convention\nACM-2067 - [Submariner] - The submariner-metrics-proxy pod is not part of the Agent readiness check\nACM-2132 - Subctl 0.14.0 prints version \"vsubctl\"\nACM-2145 - managedclusters \"local-cluster\" not found and missing Submariner Broker CRD\nACM-2150 - Add support of ARO to Submariner deployment\nACM-2204 - [Submariner] - e2e tests execution fails for \"Basic TCP connectivity\" tests\nACM-2206 - [Submariner] - Gateway error shown \"diagnose all\" tests\nACM-2211 - [Submariner] - Submariner does not support cluster \"kube-proxy ipvs mode\"\nACM-2256 - [Submariner] - Vsphere cluster shows Pod Security admission controller warnings\nACM-2274 - Cannot use submariner with OSP and self signed certs\nACM-2387 - [Submariner] - subctl diagnose tests spawn nettest image with wrong tag nameing convention\nACM-2482 - Subctl 0.14.1 prints version \"devel\"\n\n6. 
This advisory contains the following\nOpenShift Virtualization 4.12.0 images:\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache\n(CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n(CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n(CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header\n(CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions\n(CVE-2022-1962)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled\noverflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect\naccess control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field\nelements (CVE-2022-23806)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit\nX-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add\n(CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. 
\n\nRHEL-8-CNV-4.12\n\n=============\nbridge-marker-container-v4.12.0-24\ncluster-network-addons-operator-container-v4.12.0-24\ncnv-containernetworking-plugins-container-v4.12.0-24\ncnv-must-gather-container-v4.12.0-58\nhco-bundle-registry-container-v4.12.0-769\nhostpath-csi-driver-container-v4.12.0-30\nhostpath-provisioner-container-v4.12.0-30\nhostpath-provisioner-operator-container-v4.12.0-31\nhyperconverged-cluster-operator-container-v4.12.0-96\nhyperconverged-cluster-webhook-container-v4.12.0-96\nkubemacpool-container-v4.12.0-24\nkubevirt-console-plugin-container-v4.12.0-182\nkubevirt-ssp-operator-container-v4.12.0-64\nkubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55\nkubevirt-tekton-tasks-copy-template-container-v4.12.0-55\nkubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55\nkubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55\nkubevirt-tekton-tasks-operator-container-v4.12.0-40\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55\nkubevirt-template-validator-container-v4.12.0-32\nlibguestfs-tools-container-v4.12.0-255\novs-cni-marker-container-v4.12.0-24\novs-cni-plugin-container-v4.12.0-24\nvirt-api-container-v4.12.0-255\nvirt-artifacts-server-container-v4.12.0-255\nvirt-cdi-apiserver-container-v4.12.0-72\nvirt-cdi-cloner-container-v4.12.0-72\nvirt-cdi-controller-container-v4.12.0-72\nvirt-cdi-importer-container-v4.12.0-72\nvirt-cdi-operator-container-v4.12.0-72\nvirt-cdi-uploadproxy-container-v4.12.0-71\nvirt-cdi-uploadserver-container-v4.12.0-72\nvirt-controller-container-v4.12.0-255\nvirt-exportproxy-container-v4.12.0-255\nvirt-exportserver-container-v4.12.0-255\nvirt-handler-container-v4.12.0-255\nvirt-launcher-container-v4.12.0-255\nvirt-operator-container-v4.12.0-255\nvirtio-win-container-v4.12.0-10\nvm-network-latency-checkup-
container-v4.12.0-89\n\n3. Solution:\n\nBefore applying this update, you must apply all previously released errata\nrelevant to your system. \n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1719190 - Unable to cancel live-migration if virt-launcher pod in pending state\n2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2040377 - Unable to delete failed VMIM after VM deleted\n2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed\n2052556 - Metric \"kubevirt_num_virt_handlers_by_node_running_virt_launcher\" reporting incorrect value\n2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements\n2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString\n2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control\n2060499 - [RFE] Cannot add additional service (or other objects) to VM template\n2069098 - Large scale |VMs migration is slow due to low migration parallelism\n2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass\n2071491 - Storage Throughput metrics are incorrect in Overview\n2072797 - Metrics in Virtualization -\u003e Overview period is not clear or configurable\n2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers\n2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering\n2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group\n2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the 
graphs not visible enough in dark mode\n2086551 - Min CPU feature found in labels\n2087724 - Default template show no boot source even there are auto-upload boot sources\n2088129 - [SSP] webhook does not comply with restricted security context\n2088464 - [CDI] cdi-deployment does not comply with restricted security context\n2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR\n2089744 - HCO should label its control plane namespace to admit pods at privileged security level\n2089751 - 4.12.0 containers\n2089804 - 4.12.0 rpms\n2091856 - \"Edit BootSource\" action should have more explicit information when disabled\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer\n2093771 - The disk source should be PVC if the template has no auto-update boot source\n2093996 - kubectl get vmi API should always return primary interface if exist\n2094202 - Cloud-init username field should have hint\n2096285 - KubeVirt CR API documentation is missing docs for many fields\n2096780 - [RFE] Add ssh-key and sysprep to template scripts tab\n2097436 - Online disk expansion ignores filesystem overhead change\n2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP\n2099556 - [RFE] Add option to enable RDP service for windows vm\n2099573 - [RFE] Improve template\u0027s message about not editable\n2099923 - [RFE] Merge \"SSH access\" and \"SSH command\" into one\n2100290 - Error is not dismissed on catalog review page\n2100436 - VM list filtering ignores VMs in error-states\n2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2100629 - Update nested support KBASE article\n2100679 - The number of hardware devices is not correct in vm overview 
tab\n2100682 - All hardware devices get deleted while just delete one\n2100684 - Workload profile are not editable during creation and after creation\n2101144 - VM filter has two \"Other\" checkboxes which are triggered together\n2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode\n2101167 - Edit buttons clickable area is too large. \n2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id\n2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state\n2101390 - Easy to miss the \"tick\" when adding GPU device to vm via UI\n2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id\n2101423 - wrong user name on using ignition\n2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page\n2101445 - \"Pending changes - Boot Order\"\n2101454 - Cannot add PVC boot source to template in \u0027Edit Boot Source Reference\u0027 view as a non-priv user\n2101499 - Cannot add NIC to VM template as non-priv user\n2101501 - NAME parameter in VM template has no effect. 
\n2101628 - non-priv user cannot load dataSource while edit template\u0027s rootdisk\n2101667 - VMI view is not aligned with vm and tempates\n2101681 - All templates are labeling \"source available\" in template list page\n2102074 - VM Creation time on VM Overview Details card lacks string\n2102125 - vm clone modal is displaying DV size instead of PVC size\n2102132 - align the utilization card of single VM overview with the design\n2102138 - Should the word \"new\" be removed from \"Create new VirtualMachine from catalog\"?\n2102256 - Add button moved to right\n2102448 - VM disk is deleted by uncheck \"Delete disks (1x)\" on delete modal\n2102475 - Template \u0027vm-template-example\u0027 should be filtered by \u0027Fedora\u0027 rather than \u0027Other\u0027\n2102561 - sysprep-info should link to downstream doc\n2102737 - Clone a VM should lead to vm overview tab\n2102740 - \"Save\" button on vm clone modal should be \"Clone\"\n2103806 - \"404: Not Found\" appears shortly by clicking the PVC link on vm disk tab\n2103807 - PVC is not named by VM name while creating vm quickly\n2103817 - Workload profile values in vm details should align with template\u0027s value\n2103844 - VM nic model is empty\n2104331 - VM list page scroll up automatically\n2104402 - VM create button is not enabled while adding multiple environment disks\n2104422 - Storage status report \"OpenShift Data Foundation is not available\" even the operator is installed\n2104424 - Enable descheduler or hide it on template\u0027s scheduling tab\n2104479 - [4.12] Cloned VM\u0027s snapshot restore fails if the source VM disk is deleted\n2104480 - Alerts in VM overview tab disappeared after a few seconds\n2104785 - \"Add disk\" and \"Disks\" are on the same line\n2104859 - [RFE] Add \"Copy SSH command\" to VM action list\n2105257 - Can\u0027t set log verbosity level for virt-operator pod\n2106175 - All pages are crashed after visit Virtualization -\u003e Overview\n2106963 - Cannot add configmap for windows 
VM\n2107279 - VM Template\u0027s bootable disk can be marked as bootable\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n2108339 - datasource does not provide timestamp when updated\n2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed\n2109818 - Upstream metrics documentation is not detailed enough\n2109975 - DataVolume fails to import \"cirros-container-disk-demo\" image\n2110256 - Storage -\u003e PVC -\u003e upload data, does not support source reference\n2110562 - CNV introduces a compliance check fail in \"ocp4-moderate\" profile - routes-protected-by-tls\n2111240 - GiB changes to B in Template\u0027s Edit boot source reference modal\n2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics\n2111328 - kubevirt plugin console crashed after visit vmi page\n2111378 - VM SSH command generated by UI points at api VIP\n2111744 - Cloned template should not label `app.kubernetes.io/name: common-templates`\n2111794 - the virtlogd process is taking too much RAM! 
(17468Ki \u003e 17Mi)\n2112900 - button style are different\n2114516 - Nothing happens after clicking on Fedora cloud image list link\n2114636 - The style of displayed items are not unified on VM tabs\n2114683 - VM overview tab is crashed just after the vm is created\n2115257 - Need to Change system-product-name to \"OpenShift  Virtualization\" in CNV-4.12\n2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass\n2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items\n2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates\n2116225 - The filter keyword of the related operator \u0027Openshift Data Foundation\u0027 is \u0027OCS\u0027 rather than \u0027ODF\u0027\n2116644 - Importer pod is failing to start with error \"MountVolume.SetUp failed for volume \"cdi-proxy-cert-vol\" : configmap \"custom-ca\" not found\"\n2117549 - Cannot edit cloud-init data after add ssh key\n2117803 - Cannot edit ssh even vm is stopped\n2117813 - Improve descriptive text of VM details while VM is off\n2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n2118257 - outdated doc link tolerations modal\n2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format\n2119069 - Unable to start windows VMs on PSI setups\n2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2119309 - readinessProbe in VM stays on failed\n2119615 - Change the disk size causes the unit changed\n2120907 - Cannot filter disks by label\n2121320 - Negative values in migration metrics\n2122236 - Failing to delete HCO with SSP sticking around\n2122990 - VMExport should check APIGroup\n2124147 - \"ReadOnlyMany\" should not be added to supported values in memory dump\n2124307 - Ui crash/stuck on loading when trying to detach disk on a VM\n2124528 - On upgrade, when live-migration is failed due to an infra issue, 
virt-handler continuously and endlessly tries to migrate it\n2124555 - View documentation link on MigrationPolicies page des not work\n2124557 - MigrationPolicy description is not displayed on Details page\n2124558 - Non-privileged user can start MigrationPolicy creation\n2124565 - Deleted DataSource reappears in list\n2124572 - First annotation can not be added to DataSource\n2124582 - Filtering VMs by OS does not work\n2124594 - Docker URL validation is inconsistent over application\n2124597 - Wrong case in Create DataSource menu\n2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile\n2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state\n2127787 - Expose the PVC source of the dataSource on UI\n2127843 - UI crashed by selecting \"Live migration network\"\n2127931 - Change default time range on Virtualization -\u003e Overview -\u003e Monitoring dashboard to 30 minutes\n2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer\n2128002 - Error after VM template deletion\n2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards\n2128872 - [4.11]Can\u0027t restore cloned VM\n2128948 - Cannot create DataSource from default YAML\n2128949 - Cannot create MigrationPolicy from example YAML\n2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2129013 - Mark Windows 11 as TechPreview\n2129234 - Service is not deleted along with the VM when the VM is created from a template with service\n2129301 - Cloud-init network data don\u0027t wipe out on uncheck checkbox \u0027Add network data\u0027\n2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook\n2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV\n2130588 - crypto-policy : Common Ciphers support by apiserver and hco\n2130695 
- crypto-policy : Logging Improvement and publish the source of ciphers\n2130909 - Non-privileged user can start DataSource creation\n2131157 - KV data transfer rate chart in VM Metrics tab is not displayed\n2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough\n2131674 - Bump virtlogd memory requirement to 20Mi\n2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11\n2132682 - Default YAML entity name convention. \n2132721 - Delete dialogs\n2132744 - Description text is missing in Live Migrations section\n2132746 - Background is broken in Virtualization Monitoring page\n2132783 - VM can not be created from Template with edited boot source\n2132793 - Edited Template BSR is not saved\n2132932 - Typo in PVC size units menu\n2133540 - [pod security violation audit] Audit violation in \"cni-plugins\" container should be fixed\n2133541 - [pod security violation audit] Audit violation in \"bridge-marker\" container should be fixed\n2133542 - [pod security violation audit] Audit violation in \"manager\" container should be fixed\n2133543 - [pod security violation audit] Audit violation in \"kube-rbac-proxy\" container should be fixed\n2133655 - [pod security violation audit] Audit violation in \"cdi-operator\" container should be fixed\n2133656 - [4.12][pod security violation audit] Audit violation in \"hostpath-provisioner-operator\" container should be fixed\n2133659 - [pod security violation audit] Audit violation in \"cdi-controller\" container should be fixed\n2133660 - [pod security violation audit] Audit violation in \"cdi-source-update-poller\" container should be fixed\n2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod\n2134672 - [e2e] add data-test-id for catalog -\u003e storage section\n2134825 - Authorization for expand-spec endpoint missing\n2135805 - Windows 2022 template is missing vTPM and UEFI params in spec\n2136051 - Name jumping 
when trying to create a VM with source from catalog\n2136425 - Windows 11 is detected as Windows 10\n2136534 - Not possible to specify a TTL on VMExports\n2137123 - VMExport: export pod is not PSA complaint\n2137241 - Checkbox about delete vm disks is not loaded while deleting VM\n2137243 - registery input add docker prefix twice\n2137349 - \"Manage source\" action infinitely loading on DataImportCron details page\n2137591 - Inconsistent dialog headings/titles\n2137731 - Link of VM status in overview is not working\n2137733 - No link for VMs in error status in \"VirtualMachine statuses\" card\n2137736 - The column name \"MigrationPolicy name\" can just be \"Name\"\n2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly\n2138112 - Unsupported S3 endpoint option in Add disk modal\n2138119 - \"Customize VirtualMachine\" flow is not user-friendly because settings are split into 2 modals\n2138199 - Win11 and Win22 templates are not filtered properly by Template provider\n2138653 - Saving Template prameters reloads the page\n2138657 - Setting DATA_SOURCE_* Template parameters makes VM creation fail\n2138664 - VM that was created with SSH key fails to start\n2139257 - Cannot add disk via \"Using an existing PVC\"\n2139260 - Clone button is disabled while VM is running\n2139293 - Non-admin user cannot load VM list page\n2139296 - Non-admin cannot load MigrationPolicies page\n2139299 - No auto-generated VM name while creating VM by non-admin user\n2139306 - Non-admin cannot create VM via customize mode\n2139479 - virtualization overview crashes for non-priv user\n2139574 - VM name gets \"emptyname\" if click the create button quickly\n2139651 - non-priv user can click create when have no permissions\n2139687 - catalog shows template list for non-priv users\n2139738 - [4.12]Can\u0027t restore cloned VM\n2139820 - non-priv user cant reach vm details\n2140117 - Provide upgrade path from 4.11.1-\u003e4.12.0\n2140521 - Click the breadcrumb 
list about \"VirtualMachines\" goes to undefined project\n2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user\n2140627 - Not able to select storageClass if there is no default storageclass defined\n2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user\n2140808 - Hyperv feature set to \"enabled: false\" prevents scheduling\n2140977 - Alerts number is not correct on Virtualization overview\n2140982 - The base template of cloned template is \"Not available\"\n2140998 - Incorrect information shows in overview page per namespace\n2141089 - Unable to upload boot images. \n2141302 - Unhealthy states alerts and state metrics are missing\n2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations\n2141494 - \"Start in pause mode\" option is not available while creating the VM\n2141654 - warning log appearing on VMs: found no SR-IOV networks\n2141711 - Node column selector is redundant for non-priv user\n2142468 - VM action \"Stop\" should not be disabled when VM in pause state\n2142470 - Delete a VM or template from all projects leads to 404 error\n2142511 - Enhance alerts card in overview\n2142647 - Error after MigrationPolicy deletion\n2142891 - VM latency checkup: Failed to create the checkup\u0027s Job\n2142929 - Permission denied when try get instancestypes\n2143268 - Topolvm storageProfile missing accessModes and volumeMode\n2143498 - Could not load template while creating VM from catalog\n2143964 - Could not load template while creating VM from catalog\n2144580 - \"?\" icon is too big in VM Template Disk tab\n2144828 - \"?\" icon is too big in VM Template Disk tab\n2144839 - Alerts number is not correct on Virtualization overview\n2153849 - After upgrade to 4.11.1-\u003e4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten\n2155757 - Incorrect upstream-version label \"v1.6.0-unstable-410-g09ea881c\" is tagged to 4.12 
hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container\n\n5. Description:\n\nThe rh-sso-7/sso76-openshift-rhel8 container image and\nrh-sso-7/sso7-rhel8-operator operator has been updated for RHEL-8 based\nMiddleware Containers to address the following security issues. Users of these images\nare also encouraged to rebuild all container images that depend on these\nimages. \n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally. Bugs fixed (https://bugzilla.redhat.com/):\n\n2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding\n2141404 - CVE-2022-3916 keycloak: Session takeover with OIDC offline refreshtokens\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nCIAM-4412 - Build new OCP image for rh-sso-7/sso76-openshift-rhel8\nCIAM-4413 - Generate new operator bundle image for this patch\n\n6. Summary:\n\nAn update is now available for Migration Toolkit for Runtimes (v1.0.1). Bugs fixed (https://bugzilla.redhat.com/):\n\n2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing\n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service\n2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY\n2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers\n2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters\n2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps\n2148199 - CVE-2022-39278 Istio: Denial of service attack via a specially crafted message\n2148661 - CVE-2022-3962 kiali: error message spoofing in kiali UI\n2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nOSSM-1977 - Support for Istio Gateway API in Kiali\nOSSM-2083 - Update maistra/istio 2.3 to Istio 1.14.5\nOSSM-2147 - Unexpected validation message on Gateway object\nOSSM-2169 - Member controller doesn\u0027t retry on conflict\nOSSM-2170 - Member namespaces aren\u0027t cleaned up when a cluster-scoped SMMR is deleted\nOSSM-2179 - Wasm plugins only support OCI images with 1 layer\nOSSM-2184 - Istiod isn\u0027t allowed to delete analysis distribution report configmap\nOSSM-2188 - Member namespaces not cleaned up when SMCP is deleted\nOSSM-2189 - If multiple SMCPs exist in a namespace, the controller reconciles them all\nOSSM-2190 - The memberroll controller reconciles SMMRs with invalid name\nOSSM-2232 - The member controller reconciles ServiceMeshMember with invalid name\nOSSM-2241 - Remove v2.0 from Create ServiceMeshControlPlane Form\nOSSM-2251 - CVE-2022-3962 openshift-istio-kiali-container: kiali: content spoofing [ossm-2.3]\nOSSM-2308 - add root CA certificates to kiali container\nOSSM-2315 - be able to customize openshift auth timeouts\nOSSM-2324 - 
Gateway injection does not work when pods are created by cluster admins\nOSSM-2335 - Potential hang using Traces scatterplot chart\nOSSM-2338 - Federation deployment does not need router mode sni-dnat\nOSSM-2344 - Restarting istiod causes Kiali to flood CRI-O with port-forward requests\nOSSM-2375 - Istiod should log member namespaces on every update\nOSSM-2376 - ServiceMesh federation stops working after the restart of istiod pod\nOSSM-535 - Support validationMessages in SMCP\nOSSM-827 - ServiceMeshMembers point to wrong SMCP name\n\n6. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.6.3 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. Bugs fixed (https://bugzilla.redhat.com/):\n\n2129679 - clusters belong to global clusterset is not selected by placement when rescheduling\n2134609 - CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function\n2139085 - RHACM 2.6.3 images\n2149181 - CVE-2022-41912 crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements\n\n5. \n\nThe following advisory data is extracted from:\n\nhttps://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0254.json\n\nRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  
It must be noted that due to an inability to easily track revision updates without crawling Red Hat\u0027s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. \n\n\n\n\nDescription:\n\nThe rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-37434"
          },
          {
            "db": "VULHUB",
            "id": "VHN-428208"
          },
          {
            "db": "PACKETSTORM",
            "id": "173605"
          },
          {
            "db": "PACKETSTORM",
            "id": "173107"
          },
          {
            "db": "PACKETSTORM",
            "id": "170083"
          },
          {
            "db": "PACKETSTORM",
            "id": "170179"
          },
          {
            "db": "PACKETSTORM",
            "id": "170898"
          },
          {
            "db": "PACKETSTORM",
            "id": "170741"
          },
          {
            "db": "PACKETSTORM",
            "id": "170210"
          },
          {
            "db": "PACKETSTORM",
            "id": "170759"
          },
          {
            "db": "PACKETSTORM",
            "id": "170806"
          },
          {
            "db": "PACKETSTORM",
            "id": "170242"
          },
          {
            "db": "PACKETSTORM",
            "id": "176559"
          }
        ],
        "trust": 1.98
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-428208",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-428208"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-37434",
            "trust": 2.2
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2022/08/05/2",
            "trust": 1.1
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2022/08/09/1",
            "trust": 1.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169707",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170027",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169503",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "171271",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169726",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169624",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168107",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169566",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169906",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169783",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169557",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168113",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169577",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168765",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169595",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-428208",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "173605",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "173107",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170083",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170179",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170898",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170741",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170210",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170759",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170806",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170242",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "176559",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-428208"
          },
          {
            "db": "PACKETSTORM",
            "id": "173605"
          },
          {
            "db": "PACKETSTORM",
            "id": "173107"
          },
          {
            "db": "PACKETSTORM",
            "id": "170083"
          },
          {
            "db": "PACKETSTORM",
            "id": "170179"
          },
          {
            "db": "PACKETSTORM",
            "id": "170898"
          },
          {
            "db": "PACKETSTORM",
            "id": "170741"
          },
          {
            "db": "PACKETSTORM",
            "id": "170210"
          },
          {
            "db": "PACKETSTORM",
            "id": "170759"
          },
          {
            "db": "PACKETSTORM",
            "id": "170806"
          },
          {
            "db": "PACKETSTORM",
            "id": "170242"
          },
          {
            "db": "PACKETSTORM",
            "id": "176559"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-37434"
          }
        ]
      },
      "id": "VAR-202208-0404",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-428208"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-07-23T21:15:51.322000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-428208"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-37434"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2022/oct/37"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2022/oct/38"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2022/oct/41"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2022/oct/42"
          },
          {
            "trust": 1.1,
            "url": "https://www.debian.org/security/2022/dsa-5218"
          },
          {
            "trust": 1.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/pavpqncg3xrlclnsqrm3kan5zfmvxvty/"
          },
          {
            "trust": 1.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nmboj77a7t7pqcarmduk75te6llesz3o/"
          },
          {
            "trust": 1.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/yrqai7h4m4rqz2iwzueexecbe5d56bh2/"
          },
          {
            "trust": 1.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x5u7otkzshy2i3zfjsr2shfhw72rkgdk/"
          },
          {
            "trust": 1.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jwn4ve3jqr4o2sous5txnlanrpmhwv4i/"
          },
          {
            "trust": 1.1,
            "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.openwall.com/lists/oss-security/2022/08/05/2"
          },
          {
            "trust": 1.1,
            "url": "http://www.openwall.com/lists/oss-security/2022/08/09/1"
          },
          {
            "trust": 1.1,
            "url": "https://github.com/curl/curl/issues/9271"
          },
          {
            "trust": 1.1,
            "url": "https://github.com/ivd38/zlib_overflow"
          },
          {
            "trust": 1.1,
            "url": "https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#l1062-l1063"
          },
          {
            "trust": 1.1,
            "url": "https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1"
          },
          {
            "trust": 1.1,
            "url": "https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#l762-l764"
          },
          {
            "trust": 1.1,
            "url": "https://security.netapp.com/advisory/ntap-20220901-0005/"
          },
          {
            "trust": 1.1,
            "url": "https://support.apple.com/kb/ht213488"
          },
          {
            "trust": 1.1,
            "url": "https://support.apple.com/kb/ht213489"
          },
          {
            "trust": 1.1,
            "url": "https://support.apple.com/kb/ht213490"
          },
          {
            "trust": 1.1,
            "url": "https://support.apple.com/kb/ht213491"
          },
          {
            "trust": 1.1,
            "url": "https://support.apple.com/kb/ht213493"
          },
          {
            "trust": 1.1,
            "url": "https://support.apple.com/kb/ht213494"
          },
          {
            "trust": 1.0,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 1.0,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 1.0,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 1.0,
            "url": "https://access.redhat.com/security/cve/cve-2022-37434"
          },
          {
            "trust": 1.0,
            "url": "https://security.netapp.com/advisory/ntap-20230427-0007/"
          },
          {
            "trust": 0.9,
            "url": "https://access.redhat.com/security/cve/cve-2022-42898"
          },
          {
            "trust": 0.9,
            "url": "https://access.redhat.com/security/cve/cve-2022-1304"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2016-3709"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2022-26700"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2022-26716"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2022-26710"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2022-22629"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2022-26719"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2022-26717"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2022-22662"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2022-22624"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2022-26709"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2022-22628"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2022-30293"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2020-35525"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2020-35527"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-2509"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-3515"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-27404"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-27406"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-27405"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-34903"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-1586"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-42012"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-42010"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-42011"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-1897"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-1785"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-1927"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-40674"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-35737"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-46848"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.4,
            "url": "https://issues.jboss.org/):"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-30635"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-20107"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-41715"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-2880"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-43680"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-27664"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2015-20107"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-2068"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-25309"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-30698"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-30699"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-2097"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-25310"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-25308"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-1292"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0924"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0562"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0908"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0865"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0561"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0562"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-22844"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0865"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0909"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0561"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0891"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-1355"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22628"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22624"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46848"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-47629"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-1271"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-38177"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2023-0361"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-38178"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2023-24329"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-3517"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-4238"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-2879"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-3821"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-29154"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-40303"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-40304"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-32189"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-41717"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4238"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-0308"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-32208"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0308"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-30629"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-0256"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0256"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0391"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-24795"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-32206"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-38561"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0934"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0391"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0934"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36516"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-24448"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0168"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0617"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-2639"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-1055"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-26373"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-20368"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-1048"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3640"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0617"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0854"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-29581"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-1016"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-2078"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-2938"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-21499"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-36946"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-36558"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-1852"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0854"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0168"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-28390"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36558"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30002"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-27950"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-2586"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-23960"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3640"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-30002"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-1184"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-25255"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-36516"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-28893"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22629"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26700"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26710"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22662"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26709"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-3787"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-30632"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-28131"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-30633"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-1705"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-30630"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-1962"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-32148"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-30631"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0891"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0908"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0909"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36085"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20231"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-0215"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-1281"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3634"
          },
          {
            "trust": 0.1,
            "url": "https://registry.centos.org/v2/\":"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-31566"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:4053"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23177"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36084"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36086"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
          },
          {
            "trust": 0.1,
            "url": "https://issues.redhat.com/):"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20838"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-18218"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3580"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-32233"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17595"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-4304"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-24370"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36084"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24407"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-21235"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36087"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20232"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14155"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17594"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-40528"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhba-2023:4052"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-29824"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-4450"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
          },
          {
            "trust": 0.1,
            "url": "https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3580"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23540"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-16250"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-41316"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4231"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2795"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16250"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0670"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-48303"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-36227"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-45873"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3765"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-2491"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-43998"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-40897"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-41724"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-21824"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44531"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-41725"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-25032"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-38149"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-28805"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-25136"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26280"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-48337"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-43519"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1587"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-4415"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-45061"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-28861"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-0620"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3807"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:3742"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43519"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-24999"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-25000"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-22809"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4235"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-4235"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-31129"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-40023"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-47024"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16251"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28861"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3924"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44533"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-46175"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44532"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10735"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3358"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44964"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3736"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-17049"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3715"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24903"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43998"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-38900"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-32190"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-0665"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1348"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-48338"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-42919"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-16251"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-33099"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-48339"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-46828"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2309"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3765"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23541"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-41723"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-17049"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10735"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-4231"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3807"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3094"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-28327"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24921"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24675"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:8750"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:8889"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-21618"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-21628"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-39399"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-42003"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-21624"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-21626"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-36518"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36518"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-21619"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-42004"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2601"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3775"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2601"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/add-ons/submariner#deploying-submariner-console"
          },
          {
            "trust": 0.1,
            "url": "https://submariner.io/."
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-41974"
          },
          {
            "trust": 0.1,
            "url": "https://submariner.io/getting-started/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2509"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:0631"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:0408"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23772"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44716"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-29526"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23773"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44716"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44717"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23806"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1798"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44717"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27404"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26719"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26717"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3782"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3916"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26716"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27405"
          },
          {
            "trust": 0.1,
            "url": "https://catalog.redhat.com/software/containers/registry/registry.access.redhat.com/repository/rh-sso-7/sso76-openshift-rhel8"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:8964"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1471"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-42920"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0924"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:0470"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1355"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1471"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-39278"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-21713"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:0542"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21713"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21673"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23648"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-21673"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23648"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21703"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-21698"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1962"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21698"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1705"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-21703"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21702"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3962"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-21702"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html-single/install/index#installing"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-41912"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:9040"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0254.json"
          },
          {
            "trust": 0.1,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116639"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2024:0254"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-37434"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-428208"
          },
          {
            "db": "PACKETSTORM",
            "id": "173605"
          },
          {
            "db": "PACKETSTORM",
            "id": "173107"
          },
          {
            "db": "PACKETSTORM",
            "id": "170083"
          },
          {
            "db": "PACKETSTORM",
            "id": "170179"
          },
          {
            "db": "PACKETSTORM",
            "id": "170898"
          },
          {
            "db": "PACKETSTORM",
            "id": "170741"
          },
          {
            "db": "PACKETSTORM",
            "id": "170210"
          },
          {
            "db": "PACKETSTORM",
            "id": "170759"
          },
          {
            "db": "PACKETSTORM",
            "id": "170806"
          },
          {
            "db": "PACKETSTORM",
            "id": "170242"
          },
          {
            "db": "PACKETSTORM",
            "id": "176559"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-37434"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-428208"
          },
          {
            "db": "PACKETSTORM",
            "id": "173605"
          },
          {
            "db": "PACKETSTORM",
            "id": "173107"
          },
          {
            "db": "PACKETSTORM",
            "id": "170083"
          },
          {
            "db": "PACKETSTORM",
            "id": "170179"
          },
          {
            "db": "PACKETSTORM",
            "id": "170898"
          },
          {
            "db": "PACKETSTORM",
            "id": "170741"
          },
          {
            "db": "PACKETSTORM",
            "id": "170210"
          },
          {
            "db": "PACKETSTORM",
            "id": "170759"
          },
          {
            "db": "PACKETSTORM",
            "id": "170806"
          },
          {
            "db": "PACKETSTORM",
            "id": "170242"
          },
          {
            "db": "PACKETSTORM",
            "id": "176559"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-37434"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-08-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-428208"
          },
          {
            "date": "2023-07-19T15:37:11",
            "db": "PACKETSTORM",
            "id": "173605"
          },
          {
            "date": "2023-06-23T14:56:34",
            "db": "PACKETSTORM",
            "id": "173107"
          },
          {
            "date": "2022-12-02T15:57:08",
            "db": "PACKETSTORM",
            "id": "170083"
          },
          {
            "date": "2022-12-09T14:52:40",
            "db": "PACKETSTORM",
            "id": "170179"
          },
          {
            "date": "2023-02-08T16:00:47",
            "db": "PACKETSTORM",
            "id": "170898"
          },
          {
            "date": "2023-01-26T15:29:09",
            "db": "PACKETSTORM",
            "id": "170741"
          },
          {
            "date": "2022-12-13T17:16:20",
            "db": "PACKETSTORM",
            "id": "170210"
          },
          {
            "date": "2023-01-27T15:03:38",
            "db": "PACKETSTORM",
            "id": "170759"
          },
          {
            "date": "2023-01-31T17:11:04",
            "db": "PACKETSTORM",
            "id": "170806"
          },
          {
            "date": "2022-12-15T15:34:35",
            "db": "PACKETSTORM",
            "id": "170242"
          },
          {
            "date": "2024-01-16T13:46:07",
            "db": "PACKETSTORM",
            "id": "176559"
          },
          {
            "date": "2022-08-05T07:15:07.240000",
            "db": "NVD",
            "id": "CVE-2022-37434"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-428208"
          },
          {
            "date": "2023-07-19T00:56:46.373000",
            "db": "NVD",
            "id": "CVE-2022-37434"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "173107"
          }
        ],
        "trust": 0.1
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Red Hat Security Advisory 2023-4053-01",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "173605"
          }
        ],
        "trust": 0.1
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code execution",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "173605"
          }
        ],
        "trust": 0.1
      }
    }

    VAR-202207-0588

    Vulnerability from variot - Updated: 2024-07-23 20:25

    The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS). llhttp itself, and products from other vendors that embed llhttp, are therefore affected by an HTTP request smuggling vulnerability: information may be obtained and information may be tampered with. Note that distribution packages may ship the fix as a backport under a version number lower than the upstream thresholds above (for example Red Hat's rh-nodejs14-nodejs-14.20.0-2.el7 and Debian's 12.22.12~dfsg-1~deb11u3 in the advisories below), so check the vendor advisory for the installed package rather than comparing against the upstream version alone. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Moderate: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security and bug fix update
    Advisory ID: RHSA-2022:6389-01
    Product: Red Hat Software Collections
    Advisory URL: https://access.redhat.com/errata/RHSA-2022:6389
    Issue date: 2022-09-08
    CVE Names: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 CVE-2022-33987
    ====================================================================
    1. Summary:

    An update for rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon is now available for Red Hat Software Collections.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    2. Relevant releases/architectures:

    Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

    3. Description:

    Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

    The following packages have been upgraded to a later upstream version: rh-nodejs14-nodejs (14.20.0).

    Security Fix(es):

    • nodejs: DNS rebinding in --inspect via invalid IP addresses (CVE-2022-32212)

    • nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding (CVE-2022-32213)

    • nodejs: HTTP request smuggling due to improper delimiting of header fields (CVE-2022-32214)

    • nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (CVE-2022-32215)

    • got: missing verification of requested URLs allows redirects to UNIX sockets (CVE-2022-33987)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    • rh-nodejs14-nodejs: rebase to latest upstream release (BZ#2106673)

    4. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    5. Bugs fixed (https://bugzilla.redhat.com/):

    2102001 - CVE-2022-33987 got: missing verification of requested URLs allows redirects to UNIX sockets
    2105422 - CVE-2022-32212 nodejs: DNS rebinding in --inspect via invalid IP addresses
    2105426 - CVE-2022-32215 nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding
    2105428 - CVE-2022-32214 nodejs: HTTP request smuggling due to improper delimiting of header fields
    2105430 - CVE-2022-32213 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding
    2106673 - rh-nodejs14-nodejs: rebase to latest upstream release [rhscl-3.8.z]

    6. Package List:

    Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

    Source: rh-nodejs14-nodejs-14.20.0-2.el7.src.rpm rh-nodejs14-nodejs-nodemon-2.0.19-1.el7.src.rpm

    noarch: rh-nodejs14-nodejs-docs-14.20.0-2.el7.noarch.rpm rh-nodejs14-nodejs-nodemon-2.0.19-1.el7.noarch.rpm

    ppc64le: rh-nodejs14-nodejs-14.20.0-2.el7.ppc64le.rpm rh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.ppc64le.rpm rh-nodejs14-nodejs-devel-14.20.0-2.el7.ppc64le.rpm rh-nodejs14-npm-6.14.17-14.20.0.2.el7.ppc64le.rpm

    s390x: rh-nodejs14-nodejs-14.20.0-2.el7.s390x.rpm rh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.s390x.rpm rh-nodejs14-nodejs-devel-14.20.0-2.el7.s390x.rpm rh-nodejs14-npm-6.14.17-14.20.0.2.el7.s390x.rpm

    x86_64: rh-nodejs14-nodejs-14.20.0-2.el7.x86_64.rpm rh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.x86_64.rpm rh-nodejs14-nodejs-devel-14.20.0-2.el7.x86_64.rpm rh-nodejs14-npm-6.14.17-14.20.0.2.el7.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

    Source: rh-nodejs14-nodejs-14.20.0-2.el7.src.rpm rh-nodejs14-nodejs-nodemon-2.0.19-1.el7.src.rpm

    noarch: rh-nodejs14-nodejs-docs-14.20.0-2.el7.noarch.rpm rh-nodejs14-nodejs-nodemon-2.0.19-1.el7.noarch.rpm

    x86_64: rh-nodejs14-nodejs-14.20.0-2.el7.x86_64.rpm rh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.x86_64.rpm rh-nodejs14-nodejs-devel-14.20.0-2.el7.x86_64.rpm rh-nodejs14-npm-6.14.17-14.20.0.2.el7.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    7. References:

    https://access.redhat.com/security/cve/CVE-2022-32212
    https://access.redhat.com/security/cve/CVE-2022-32213
    https://access.redhat.com/security/cve/CVE-2022-32214
    https://access.redhat.com/security/cve/CVE-2022-32215
    https://access.redhat.com/security/cve/CVE-2022-33987
    https://access.redhat.com/security/updates/classification/#moderate

    8. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYxnqU9zjgjWX9erEAQipBg/+NJmkBsKEPkFHZAiZhGKiwIkwaFcHK+e/ ODClFTTT9SkkMBheuc9HQDmwukaVlLMvbOJSVL/6NvuLQvOcQHtprOAJXr3I6KQm VScJRQny4et+D/N3bJJiuhqe9YY9Bh+EP7omS4aq2UuphEhkuTSQ0V2+Fa4O8wdZ bAhUhU660Q6aGzNGvcyz8vi7ohmOFZS94/x2Lr6cBG8LF0dmr/pIw+uPlO36ghXF IPEM3VcGisTGQRg2Xy5yqeouK1S+YAcZ1f0QUOePP+WRhIecfmG3cj6oYTRnrOyq +62525BHDNjIz55z6H32dKBIy+r+HT7WaOGgPwvH+ugmlH6NyKHjSyy+IJoglkfM 4+QA0zun7WhLet5y4jmsWCpT3mOCWj7h+iW6IqTlfcad3wCQ6OnySRq67W3GDq+M 3kdUdBoyfLm1vzLceEF4AK8qChj7rVl8x0b4v8OfRGv6ZEIe+BfJYNzI9HeuIE91 BYtLGe18vMs5mcWxcYMWlfAgzVSGTaqaaBie9qPtAThs00lJd9oRf/Mfga42/6vI nBLHwE3NyPyKfaLvcyLa/oPwGnOhKyPtD8HeN2MORm6RUeUClaq9s+ihDIPvbyLX bcKKdjGoJDWyJy2yU2GkVwrbF6gcKgdvo2uFckOpouKQ4P9KEooI/15fLy8NPIZz hGdWoRKL34w\xcePC -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 9) - aarch64, noarch, ppc64le, s390x, x86_64

    1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

    Debian Security Advisory DSA-5326-1 security@debian.org https://www.debian.org/security/ Aron Xu January 24, 2023 https://www.debian.org/security/faq


    Package : nodejs
    CVE ID : CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 CVE-2022-35255 CVE-2022-35256 CVE-2022-43548

    Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of host IP address validation and weak randomness setup.

    For the stable distribution (bullseye), these problems have been fixed in version 12.22.12~dfsg-1~deb11u3.

    We recommend that you upgrade your nodejs packages.

    For the detailed security status of nodejs please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nodejs

    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmPQNhIACgkQEMKTtsN8 TjaRmA/+KDFkQcd2sE/eAAx9cVikICNkfu7uIVKHpeDH9o5oq5M2nj4zHJCeAArp WblguyZwEtqzAOO2WesbrmwfXLmglhrNZwRMOrsbu63JxSnecp7qcMwR8A4JWdmd Txb4aZr6Prmwq6fT0G3K6oV8Hw+OeqYA/RZKenxtkBf/jdzVahGJHJ/NrFKKWVQW xbqHwCkP7uUlm+5UR5XzNrodTRCQYHJvUmDUrjEOjM6x+sqYirKWiERN0A14kVn9 0Ufrw6+Z2tKhdKFZfU1BtDthhlH/nybz0h3aHsk+E5/vx20WAURiCEDVi7nf8+Rf EtbCxaqV+/xVoPmXStHY/ogCo8CgRVsyYUIemgi4q5LwVx/Oqjm2CJ/xCwOKh0E2 idXLJfLSpxxBe598MUn9iKbnFFCN9DQZXf7BYs3djtn8ALFVBSHZSF1QXFoFQ86w Y9xGhBQzfEgCoEW7H4S30ZQ+Gz+ZnOMCSH+MKIMtSpqbc7wLtrKf839DO6Uux7B7 u0WR3lZlsihi92QKq9X/VRkyy8ZiA2TYy3IE+KDKlXDHKls9FR9BUClYe9L8RiRu boP8KPFUHUsSVaTzkufMStdKkcXCqgj/6KhJL6E9ZunTBpTmqx1Ty7/N2qktLFnH ujrffzV3rCE6eIg7ps8OdZbjCfqUqmQk9/pV6ZDjymqjZ1LKZDs\xfeRn -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-6491-1 November 21, 2023

    nodejs vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 22.04 LTS
    • Ubuntu 20.04 LTS
    • Ubuntu 18.04 LTS (Available with Ubuntu Pro)

    Summary:

    Several security issues were fixed in Node.js.

    Software Description: - nodejs: An open-source, cross-platform JavaScript runtime environment.

    Details:

    Axel Chong discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2022-32212)

    Zeyu Zhang discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-32213, CVE-2022-32214, CVE-2022-32215) [Note: this is Ubuntu's generic impact wording; the Red Hat and Debian advisories above classify CVE-2022-32213, CVE-2022-32214 and CVE-2022-32215 as HTTP request smuggling in the Transfer-Encoding / header parsing of the http module, which is the impact to assess for exposed HTTP services.]

    It was discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-35256)

    It was discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-43548)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 22.04 LTS: libnode-dev 12.22.9~dfsg-1ubuntu3.2 libnode72 12.22.9~dfsg-1ubuntu3.2 nodejs 12.22.9~dfsg-1ubuntu3.2 nodejs-doc 12.22.9~dfsg-1ubuntu3.2

    Ubuntu 20.04 LTS: libnode-dev 10.19.0~dfsg-3ubuntu1.3 libnode64 10.19.0~dfsg-3ubuntu1.3 nodejs 10.19.0~dfsg-3ubuntu1.3 nodejs-doc 10.19.0~dfsg-3ubuntu1.3

    Ubuntu 18.04 LTS (Available with Ubuntu Pro): nodejs 8.10.0~dfsg-2ubuntu0.4+esm4 nodejs-dev 8.10.0~dfsg-2ubuntu0.4+esm4 nodejs-doc 8.10.0~dfsg-2ubuntu0.4+esm4

    In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202405-29


                                           https://security.gentoo.org/
    

    Severity: Low Title: Node.js: Multiple Vulnerabilities Date: May 08, 2024 Bugs: #772422, #781704, #800986, #805053, #807775, #811273, #817938, #831037, #835615, #857111, #865627, #872692, #879617, #918086, #918614 ID: 202405-29


    Synopsis

    Multiple vulnerabilities have been discovered in Node.js.

    Background

    Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine.

    Affected packages

    Package Vulnerable Unaffected


    net-libs/nodejs < 16.20.2 >= 16.20.2

    Description

    Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details.

    Impact

    Please review the referenced CVE identifiers for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All Node.js 20 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-libs/nodejs-20.5.1"

    All Node.js 18 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-libs/nodejs-18.17.1"

    All Node.js 16 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-libs/nodejs-16.20.2"

    References

    [ 1 ] CVE-2020-7774 https://nvd.nist.gov/vuln/detail/CVE-2020-7774 [ 2 ] CVE-2021-3672 https://nvd.nist.gov/vuln/detail/CVE-2021-3672 [ 3 ] CVE-2021-22883 https://nvd.nist.gov/vuln/detail/CVE-2021-22883 [ 4 ] CVE-2021-22884 https://nvd.nist.gov/vuln/detail/CVE-2021-22884 [ 5 ] CVE-2021-22918 https://nvd.nist.gov/vuln/detail/CVE-2021-22918 [ 6 ] CVE-2021-22930 https://nvd.nist.gov/vuln/detail/CVE-2021-22930 [ 7 ] CVE-2021-22931 https://nvd.nist.gov/vuln/detail/CVE-2021-22931 [ 8 ] CVE-2021-22939 https://nvd.nist.gov/vuln/detail/CVE-2021-22939 [ 9 ] CVE-2021-22940 https://nvd.nist.gov/vuln/detail/CVE-2021-22940 [ 10 ] CVE-2021-22959 https://nvd.nist.gov/vuln/detail/CVE-2021-22959 [ 11 ] CVE-2021-22960 https://nvd.nist.gov/vuln/detail/CVE-2021-22960 [ 12 ] CVE-2021-37701 https://nvd.nist.gov/vuln/detail/CVE-2021-37701 [ 13 ] CVE-2021-37712 https://nvd.nist.gov/vuln/detail/CVE-2021-37712 [ 14 ] CVE-2021-39134 https://nvd.nist.gov/vuln/detail/CVE-2021-39134 [ 15 ] CVE-2021-39135 https://nvd.nist.gov/vuln/detail/CVE-2021-39135 [ 16 ] CVE-2021-44531 https://nvd.nist.gov/vuln/detail/CVE-2021-44531 [ 17 ] CVE-2021-44532 https://nvd.nist.gov/vuln/detail/CVE-2021-44532 [ 18 ] CVE-2021-44533 https://nvd.nist.gov/vuln/detail/CVE-2021-44533 [ 19 ] CVE-2022-0778 https://nvd.nist.gov/vuln/detail/CVE-2022-0778 [ 20 ] CVE-2022-3602 https://nvd.nist.gov/vuln/detail/CVE-2022-3602 [ 21 ] CVE-2022-3786 https://nvd.nist.gov/vuln/detail/CVE-2022-3786 [ 22 ] CVE-2022-21824 https://nvd.nist.gov/vuln/detail/CVE-2022-21824 [ 23 ] CVE-2022-32212 https://nvd.nist.gov/vuln/detail/CVE-2022-32212 [ 24 ] CVE-2022-32213 https://nvd.nist.gov/vuln/detail/CVE-2022-32213 [ 25 ] CVE-2022-32214 https://nvd.nist.gov/vuln/detail/CVE-2022-32214 [ 26 ] CVE-2022-32215 https://nvd.nist.gov/vuln/detail/CVE-2022-32215 [ 27 ] CVE-2022-32222 https://nvd.nist.gov/vuln/detail/CVE-2022-32222 [ 28 ] CVE-2022-35255 https://nvd.nist.gov/vuln/detail/CVE-2022-35255 [ 29 ] CVE-2022-35256 
https://nvd.nist.gov/vuln/detail/CVE-2022-35256 [ 30 ] CVE-2022-35948 https://nvd.nist.gov/vuln/detail/CVE-2022-35948 [ 31 ] CVE-2022-35949 https://nvd.nist.gov/vuln/detail/CVE-2022-35949 [ 32 ] CVE-2022-43548 https://nvd.nist.gov/vuln/detail/CVE-2022-43548 [ 33 ] CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 [ 34 ] CVE-2023-30582 https://nvd.nist.gov/vuln/detail/CVE-2023-30582 [ 35 ] CVE-2023-30583 https://nvd.nist.gov/vuln/detail/CVE-2023-30583 [ 36 ] CVE-2023-30584 https://nvd.nist.gov/vuln/detail/CVE-2023-30584 [ 37 ] CVE-2023-30586 https://nvd.nist.gov/vuln/detail/CVE-2023-30586 [ 38 ] CVE-2023-30587 https://nvd.nist.gov/vuln/detail/CVE-2023-30587 [ 39 ] CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 [ 40 ] CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 [ 41 ] CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 [ 42 ] CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 [ 43 ] CVE-2023-32003 https://nvd.nist.gov/vuln/detail/CVE-2023-32003 [ 44 ] CVE-2023-32004 https://nvd.nist.gov/vuln/detail/CVE-2023-32004 [ 45 ] CVE-2023-32005 https://nvd.nist.gov/vuln/detail/CVE-2023-32005 [ 46 ] CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 [ 47 ] CVE-2023-32558 https://nvd.nist.gov/vuln/detail/CVE-2023-32558 [ 48 ] CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/202405-29

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0588",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "llhttp",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "llhttp",
            "version": "18.0.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "14.15.0"
          },
          {
            "model": "node.js",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "16.12.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "11.0"
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "37"
          },
          {
            "model": "llhttp",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "llhttp",
            "version": "14.20.1"
          },
          {
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "14.20.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "14.0.0"
          },
          {
            "model": "llhttp",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "llhttp",
            "version": "16.17.1"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "16.0.0"
          },
          {
            "model": "llhttp",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "llhttp",
            "version": "14.0.0"
          },
          {
            "model": "node.js",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "14.14.0"
          },
          {
            "model": "llhttp",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "llhttp",
            "version": "16.0.0"
          },
          {
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "16.16.0"
          },
          {
            "model": "sinec ins",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "1.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "16.13.0"
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "36"
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "35"
          },
          {
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "18.5.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "18.0.0"
          },
          {
            "model": "llhttp",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "llhttp",
            "version": "18.9.1"
          },
          {
            "model": "management center",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "stormshield",
            "version": "3.3.2"
          },
          {
            "model": "fedora",
            "scope": null,
            "trust": 0.8,
            "vendor": "fedora",
            "version": null
          },
          {
            "model": "sinec ins",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": null
          },
          {
            "model": "gnu/linux",
            "scope": null,
            "trust": 0.8,
            "vendor": "debian",
            "version": null
          },
          {
            "model": "management center",
            "scope": null,
            "trust": 0.8,
            "vendor": "stormshield",
            "version": null
          },
          {
            "model": "node.js",
            "scope": null,
            "trust": 0.8,
            "vendor": "node js",
            "version": null
          },
          {
            "model": "llhttp",
            "scope": null,
            "trust": 0.8,
            "vendor": "llhttp",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013243"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32215"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "18.5.0",
                    "versionStartIncluding": "18.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "14.20.0",
                    "versionStartIncluding": "14.15.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "16.16.0",
                    "versionStartIncluding": "16.13.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "14.14.0",
                    "versionStartIncluding": "14.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "16.12.0",
                    "versionStartIncluding": "16.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:llhttp:llhttp:*:*:*:*:*:node.js:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "14.20.1",
                    "versionStartIncluding": "14.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:llhttp:llhttp:*:*:*:*:*:node.js:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "16.17.1",
                    "versionStartIncluding": "16.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:llhttp:llhttp:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "18.9.1",
                    "versionStartIncluding": "18.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:stormshield:stormshield_management_center:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.3.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-32215"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "168305"
          },
          {
            "db": "PACKETSTORM",
            "id": "169410"
          },
          {
            "db": "PACKETSTORM",
            "id": "168442"
          },
          {
            "db": "PACKETSTORM",
            "id": "168358"
          },
          {
            "db": "PACKETSTORM",
            "id": "168359"
          }
        ],
        "trust": 0.5
      },
      "cve": "CVE-2022-32215",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "impactScore": 2.5,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2022-32215",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2022-32215",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202207-678",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013243"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-678"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32215"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The llhttp parser \u003cv14.20.1, \u003cv16.17.1 and \u003cv18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS). llhttp of llhttp For products from other vendors, HTTP There is a vulnerability related to request smuggling.Information may be obtained and information may be tampered with. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security and bug fix update\nAdvisory ID:       RHSA-2022:6389-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:6389\nIssue date:        2022-09-08\nCVE Names:         CVE-2022-32212 CVE-2022-32213 CVE-2022-32214\n                   CVE-2022-32215 CVE-2022-33987\n====================================================================\n1. Summary:\n\nAn update for rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon is now\navailable for Red Hat Software Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nNode.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nodejs14-nodejs (14.20.0). 
\n\nSecurity Fix(es):\n\n* nodejs: DNS rebinding in --inspect via invalid IP addresses\n(CVE-2022-32212)\n\n* nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding\n(CVE-2022-32213)\n\n* nodejs: HTTP request smuggling due to improper delimiting of header\nfields (CVE-2022-32214)\n\n* nodejs: HTTP request smuggling due to incorrect parsing of multi-line\nTransfer-Encoding (CVE-2022-32215)\n\n* got: missing verification of requested URLs allows redirects to UNIX\nsockets (CVE-2022-33987)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* rh-nodejs14-nodejs: rebase to latest upstream release (BZ#2106673)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2102001 - CVE-2022-33987 got: missing verification of requested URLs allows redirects to UNIX sockets\n2105422 - CVE-2022-32212 nodejs: DNS rebinding in --inspect via invalid IP addresses\n2105426 - CVE-2022-32215 nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding\n2105428 - CVE-2022-32214 nodejs: HTTP request smuggling due to improper delimiting of header fields\n2105430 - CVE-2022-32213 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding\n2106673 - rh-nodejs14-nodejs: rebase to latest upstream release [rhscl-3.8.z]\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 
7):\n\nSource:\nrh-nodejs14-nodejs-14.20.0-2.el7.src.rpm\nrh-nodejs14-nodejs-nodemon-2.0.19-1.el7.src.rpm\n\nnoarch:\nrh-nodejs14-nodejs-docs-14.20.0-2.el7.noarch.rpm\nrh-nodejs14-nodejs-nodemon-2.0.19-1.el7.noarch.rpm\n\nppc64le:\nrh-nodejs14-nodejs-14.20.0-2.el7.ppc64le.rpm\nrh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.ppc64le.rpm\nrh-nodejs14-nodejs-devel-14.20.0-2.el7.ppc64le.rpm\nrh-nodejs14-npm-6.14.17-14.20.0.2.el7.ppc64le.rpm\n\ns390x:\nrh-nodejs14-nodejs-14.20.0-2.el7.s390x.rpm\nrh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.s390x.rpm\nrh-nodejs14-nodejs-devel-14.20.0-2.el7.s390x.rpm\nrh-nodejs14-npm-6.14.17-14.20.0.2.el7.s390x.rpm\n\nx86_64:\nrh-nodejs14-nodejs-14.20.0-2.el7.x86_64.rpm\nrh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.x86_64.rpm\nrh-nodejs14-nodejs-devel-14.20.0-2.el7.x86_64.rpm\nrh-nodejs14-npm-6.14.17-14.20.0.2.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nodejs14-nodejs-14.20.0-2.el7.src.rpm\nrh-nodejs14-nodejs-nodemon-2.0.19-1.el7.src.rpm\n\nnoarch:\nrh-nodejs14-nodejs-docs-14.20.0-2.el7.noarch.rpm\nrh-nodejs14-nodejs-nodemon-2.0.19-1.el7.noarch.rpm\n\nx86_64:\nrh-nodejs14-nodejs-14.20.0-2.el7.x86_64.rpm\nrh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.x86_64.rpm\nrh-nodejs14-nodejs-devel-14.20.0-2.el7.x86_64.rpm\nrh-nodejs14-npm-6.14.17-14.20.0.2.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-32212\nhttps://access.redhat.com/security/cve/CVE-2022-32213\nhttps://access.redhat.com/security/cve/CVE-2022-32214\nhttps://access.redhat.com/security/cve/CVE-2022-32215\nhttps://access.redhat.com/security/cve/CVE-2022-33987\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. 
More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYxnqU9zjgjWX9erEAQipBg/+NJmkBsKEPkFHZAiZhGKiwIkwaFcHK+e/\nODClFTTT9SkkMBheuc9HQDmwukaVlLMvbOJSVL/6NvuLQvOcQHtprOAJXr3I6KQm\nVScJRQny4et+D/N3bJJiuhqe9YY9Bh+EP7omS4aq2UuphEhkuTSQ0V2+Fa4O8wdZ\nbAhUhU660Q6aGzNGvcyz8vi7ohmOFZS94/x2Lr6cBG8LF0dmr/pIw+uPlO36ghXF\nIPEM3VcGisTGQRg2Xy5yqeouK1S+YAcZ1f0QUOePP+WRhIecfmG3cj6oYTRnrOyq\n+62525BHDNjIz55z6H32dKBIy+r+HT7WaOGgPwvH+ugmlH6NyKHjSyy+IJoglkfM\n4+QA0zun7WhLet5y4jmsWCpT3mOCWj7h+iW6IqTlfcad3wCQ6OnySRq67W3GDq+M\n3kdUdBoyfLm1vzLceEF4AK8qChj7rVl8x0b4v8OfRGv6ZEIe+BfJYNzI9HeuIE91\nBYtLGe18vMs5mcWxcYMWlfAgzVSGTaqaaBie9qPtAThs00lJd9oRf/Mfga42/6vI\nnBLHwE3NyPyKfaLvcyLa/oPwGnOhKyPtD8HeN2MORm6RUeUClaq9s+ihDIPvbyLX\nbcKKdjGoJDWyJy2yU2GkVwrbF6gcKgdvo2uFckOpouKQ4P9KEooI/15fLy8NPIZz\nhGdWoRKL34w\\xcePC\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 9) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5326-1                   security@debian.org\nhttps://www.debian.org/security/                                  Aron Xu\nJanuary 24, 2023                      https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : nodejs\nCVE ID         : CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215\n                 CVE-2022-35255 CVE-2022-35256 CVE-2022-43548\n\nMultiple vulnerabilities were discovered in Node.js, which could result\nin HTTP request smuggling, bypass of host IP address validation and weak\nrandomness setup. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 12.22.12~dfsg-1~deb11u3. 
\n\nWe recommend that you upgrade your nodejs packages. \n\nFor the detailed security status of nodejs please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nodejs\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmPQNhIACgkQEMKTtsN8\nTjaRmA/+KDFkQcd2sE/eAAx9cVikICNkfu7uIVKHpeDH9o5oq5M2nj4zHJCeAArp\nWblguyZwEtqzAOO2WesbrmwfXLmglhrNZwRMOrsbu63JxSnecp7qcMwR8A4JWdmd\nTxb4aZr6Prmwq6fT0G3K6oV8Hw+OeqYA/RZKenxtkBf/jdzVahGJHJ/NrFKKWVQW\nxbqHwCkP7uUlm+5UR5XzNrodTRCQYHJvUmDUrjEOjM6x+sqYirKWiERN0A14kVn9\n0Ufrw6+Z2tKhdKFZfU1BtDthhlH/nybz0h3aHsk+E5/vx20WAURiCEDVi7nf8+Rf\nEtbCxaqV+/xVoPmXStHY/ogCo8CgRVsyYUIemgi4q5LwVx/Oqjm2CJ/xCwOKh0E2\nidXLJfLSpxxBe598MUn9iKbnFFCN9DQZXf7BYs3djtn8ALFVBSHZSF1QXFoFQ86w\nY9xGhBQzfEgCoEW7H4S30ZQ+Gz+ZnOMCSH+MKIMtSpqbc7wLtrKf839DO6Uux7B7\nu0WR3lZlsihi92QKq9X/VRkyy8ZiA2TYy3IE+KDKlXDHKls9FR9BUClYe9L8RiRu\nboP8KPFUHUsSVaTzkufMStdKkcXCqgj/6KhJL6E9ZunTBpTmqx1Ty7/N2qktLFnH\nujrffzV3rCE6eIg7ps8OdZbjCfqUqmQk9/pV6ZDjymqjZ1LKZDs\\xfeRn\n-----END PGP SIGNATURE-----\n. ==========================================================================\nUbuntu Security Notice USN-6491-1\nNovember 21, 2023\n\nnodejs vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS (Available with Ubuntu Pro)\n\nSummary:\n\nSeveral security issues were fixed in Node.js. \n\nSoftware Description:\n- nodejs: An open-source, cross-platform JavaScript runtime environment. \n\nDetails:\n\nAxel Chong discovered that Node.js incorrectly handled certain inputs. 
If a\nuser or an automated system were tricked into opening a specially crafted\ninput file, a remote attacker could possibly use this issue to execute\narbitrary code. (CVE-2022-32212)\n\nZeyu Zhang discovered that Node.js incorrectly handled certain inputs. If a\nuser or an automated system were tricked into opening a specially crafted\ninput file, a remote attacker could possibly use this issue to execute\narbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-32213,\nCVE-2022-32214, CVE-2022-32215)\n\nIt was discovered that Node.js incorrectly handled certain inputs. If a user\nor an automated system were tricked into opening a specially crafted input\nfile, a remote attacker could possibly use this issue to execute arbitrary\ncode. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-35256)\n\nIt was discovered that Node.js incorrectly handled certain inputs. If a user\nor an automated system were tricked into opening a specially crafted input\nfile, a remote attacker could possibly use this issue to execute arbitrary\ncode. This issue only affected Ubuntu 22.04 LTS. 
(CVE-2022-43548)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n   libnode-dev                     12.22.9~dfsg-1ubuntu3.2\n   libnode72                       12.22.9~dfsg-1ubuntu3.2\n   nodejs                          12.22.9~dfsg-1ubuntu3.2\n   nodejs-doc                      12.22.9~dfsg-1ubuntu3.2\n\nUbuntu 20.04 LTS:\n   libnode-dev                     10.19.0~dfsg-3ubuntu1.3\n   libnode64                       10.19.0~dfsg-3ubuntu1.3\n   nodejs                          10.19.0~dfsg-3ubuntu1.3\n   nodejs-doc                      10.19.0~dfsg-3ubuntu1.3\n\nUbuntu 18.04 LTS (Available with Ubuntu Pro):\n   nodejs                          8.10.0~dfsg-2ubuntu0.4+esm4\n   nodejs-dev                      8.10.0~dfsg-2ubuntu0.4+esm4\n   nodejs-doc                      8.10.0~dfsg-2ubuntu0.4+esm4\n\nIn general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202405-29\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n    Title: Node.js: Multiple Vulnerabilities\n     Date: May 08, 2024\n     Bugs: #772422, #781704, #800986, #805053, #807775, #811273, #817938, #831037, #835615, #857111, #865627, #872692, #879617, #918086, #918614\n       ID: 202405-29\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Node.js. \n\nBackground\n=========\nNode.js is a JavaScript runtime built on Chrome\u2019s V8 JavaScript engine. 
\n\nAffected packages\n================\nPackage          Vulnerable    Unaffected\n---------------  ------------  ------------\nnet-libs/nodejs  \u003c 16.20.2     \u003e= 16.20.2\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Node.js. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Node.js 20 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-libs/nodejs-20.5.1\"\n\nAll Node.js 18 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-libs/nodejs-18.17.1\"\n\nAll Node.js 16 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-libs/nodejs-16.20.2\"\n\nReferences\n=========\n[ 1 ] CVE-2020-7774\n      https://nvd.nist.gov/vuln/detail/CVE-2020-7774\n[ 2 ] CVE-2021-3672\n      https://nvd.nist.gov/vuln/detail/CVE-2021-3672\n[ 3 ] CVE-2021-22883\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22883\n[ 4 ] CVE-2021-22884\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22884\n[ 5 ] CVE-2021-22918\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22918\n[ 6 ] CVE-2021-22930\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22930\n[ 7 ] CVE-2021-22931\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22931\n[ 8 ] CVE-2021-22939\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22939\n[ 9 ] CVE-2021-22940\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22940\n[ 10 ] CVE-2021-22959\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22959\n[ 11 ] CVE-2021-22960\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22960\n[ 12 ] CVE-2021-37701\n      https://nvd.nist.gov/vuln/detail/CVE-2021-37701\n[ 13 ] CVE-2021-37712\n      https://nvd.nist.gov/vuln/detail/CVE-2021-37712\n[ 
14 ] CVE-2021-39134\n      https://nvd.nist.gov/vuln/detail/CVE-2021-39134\n[ 15 ] CVE-2021-39135\n      https://nvd.nist.gov/vuln/detail/CVE-2021-39135\n[ 16 ] CVE-2021-44531\n      https://nvd.nist.gov/vuln/detail/CVE-2021-44531\n[ 17 ] CVE-2021-44532\n      https://nvd.nist.gov/vuln/detail/CVE-2021-44532\n[ 18 ] CVE-2021-44533\n      https://nvd.nist.gov/vuln/detail/CVE-2021-44533\n[ 19 ] CVE-2022-0778\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0778\n[ 20 ] CVE-2022-3602\n      https://nvd.nist.gov/vuln/detail/CVE-2022-3602\n[ 21 ] CVE-2022-3786\n      https://nvd.nist.gov/vuln/detail/CVE-2022-3786\n[ 22 ] CVE-2022-21824\n      https://nvd.nist.gov/vuln/detail/CVE-2022-21824\n[ 23 ] CVE-2022-32212\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32212\n[ 24 ] CVE-2022-32213\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32213\n[ 25 ] CVE-2022-32214\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32214\n[ 26 ] CVE-2022-32215\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32215\n[ 27 ] CVE-2022-32222\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32222\n[ 28 ] CVE-2022-35255\n      https://nvd.nist.gov/vuln/detail/CVE-2022-35255\n[ 29 ] CVE-2022-35256\n      https://nvd.nist.gov/vuln/detail/CVE-2022-35256\n[ 30 ] CVE-2022-35948\n      https://nvd.nist.gov/vuln/detail/CVE-2022-35948\n[ 31 ] CVE-2022-35949\n      https://nvd.nist.gov/vuln/detail/CVE-2022-35949\n[ 32 ] CVE-2022-43548\n      https://nvd.nist.gov/vuln/detail/CVE-2022-43548\n[ 33 ] CVE-2023-30581\n      https://nvd.nist.gov/vuln/detail/CVE-2023-30581\n[ 34 ] CVE-2023-30582\n      https://nvd.nist.gov/vuln/detail/CVE-2023-30582\n[ 35 ] CVE-2023-30583\n      https://nvd.nist.gov/vuln/detail/CVE-2023-30583\n[ 36 ] CVE-2023-30584\n      https://nvd.nist.gov/vuln/detail/CVE-2023-30584\n[ 37 ] CVE-2023-30586\n      https://nvd.nist.gov/vuln/detail/CVE-2023-30586\n[ 38 ] CVE-2023-30587\n      https://nvd.nist.gov/vuln/detail/CVE-2023-30587\n[ 39 ] CVE-2023-30588\n      
https://nvd.nist.gov/vuln/detail/CVE-2023-30588\n[ 40 ] CVE-2023-30589\n      https://nvd.nist.gov/vuln/detail/CVE-2023-30589\n[ 41 ] CVE-2023-30590\n      https://nvd.nist.gov/vuln/detail/CVE-2023-30590\n[ 42 ] CVE-2023-32002\n      https://nvd.nist.gov/vuln/detail/CVE-2023-32002\n[ 43 ] CVE-2023-32003\n      https://nvd.nist.gov/vuln/detail/CVE-2023-32003\n[ 44 ] CVE-2023-32004\n      https://nvd.nist.gov/vuln/detail/CVE-2023-32004\n[ 45 ] CVE-2023-32005\n      https://nvd.nist.gov/vuln/detail/CVE-2023-32005\n[ 46 ] CVE-2023-32006\n      https://nvd.nist.gov/vuln/detail/CVE-2023-32006\n[ 47 ] CVE-2023-32558\n      https://nvd.nist.gov/vuln/detail/CVE-2023-32558\n[ 48 ] CVE-2023-32559\n      https://nvd.nist.gov/vuln/detail/CVE-2023-32559\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202405-29\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2024 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-32215"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013243"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-32215"
          },
          {
            "db": "PACKETSTORM",
            "id": "168305"
          },
          {
            "db": "PACKETSTORM",
            "id": "169410"
          },
          {
            "db": "PACKETSTORM",
            "id": "168442"
          },
          {
            "db": "PACKETSTORM",
            "id": "168358"
          },
          {
            "db": "PACKETSTORM",
            "id": "168359"
          },
          {
            "db": "PACKETSTORM",
            "id": "170727"
          },
          {
            "db": "PACKETSTORM",
            "id": "175817"
          },
          {
            "db": "PACKETSTORM",
            "id": "178512"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-32215",
            "trust": 4.1
          },
          {
            "db": "HACKERONE",
            "id": "1501679",
            "trust": 2.4
          },
          {
            "db": "SIEMENS",
            "id": "SSA-332410",
            "trust": 2.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-23-017-03",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU90782730",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013243",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "168305",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "169410",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "168442",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "168358",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "170727",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3673",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3488",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3505",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3487",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4136",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4101",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3586",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4681",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022071827",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022071338",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072639",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072522",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022071612",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-678",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-32215",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168359",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "175817",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "178512",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-32215"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013243"
          },
          {
            "db": "PACKETSTORM",
            "id": "168305"
          },
          {
            "db": "PACKETSTORM",
            "id": "169410"
          },
          {
            "db": "PACKETSTORM",
            "id": "168442"
          },
          {
            "db": "PACKETSTORM",
            "id": "168358"
          },
          {
            "db": "PACKETSTORM",
            "id": "168359"
          },
          {
            "db": "PACKETSTORM",
            "id": "170727"
          },
          {
            "db": "PACKETSTORM",
            "id": "175817"
          },
          {
            "db": "PACKETSTORM",
            "id": "178512"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-678"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32215"
          }
        ]
      },
      "id": "VAR-202207-0588",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.20766129
      },
      "last_update_date": "2024-07-23T20:25:16.794000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-444",
            "trust": 1.0
          },
          {
            "problemtype": "HTTP Request Smuggling (CWE-444) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013243"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32215"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/"
          },
          {
            "trust": 2.4,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
          },
          {
            "trust": 2.4,
            "url": "https://hackerone.com/reports/1501679"
          },
          {
            "trust": 2.4,
            "url": "https://www.debian.org/security/2023/dsa-5326"
          },
          {
            "trust": 1.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32215"
          },
          {
            "trust": 1.4,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2icg6csib3guwh5dusqevx53mojw7lyk/"
          },
          {
            "trust": 1.4,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qcnn3yg2bcls4zekj3clsut6as7axth3/"
          },
          {
            "trust": 1.4,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/vmqk5l5sbyd47qqz67lemhnq662gh3oy/"
          },
          {
            "trust": 1.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-32215"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2icg6csib3guwh5dusqevx53mojw7lyk/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qcnn3yg2bcls4zekj3clsut6as7axth3/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vmqk5l5sbyd47qqz67lemhnq662gh3oy/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu90782730/"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-017-03"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32214"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32212"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32213"
          },
          {
            "trust": 0.6,
            "url": "https://security.netapp.com/advisory/ntap-20220915-0001/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/170727/debian-security-advisory-5326-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3505"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168305/red-hat-security-advisory-2022-6389-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072522"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168442/red-hat-security-advisory-2022-6595-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168358/red-hat-security-advisory-2022-6449-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4681"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-32215/"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072639"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4101"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3673"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4136"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3487"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022071827"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3586"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3488"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022071612"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/169410/red-hat-security-advisory-2022-6985-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022071338"
          },
          {
            "trust": 0.5,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-32214"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-32213"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-32212"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-33987"
          },
          {
            "trust": 0.5,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-33987"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35256"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43548"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3807"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3807"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35255"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:6389"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:6985"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33502"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29244"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:6595"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33502"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-7788"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28469"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-29244"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-28469"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7788"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:6449"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:6448"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/nodejs"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/nodejs/12.22.9~dfsg-1ubuntu3.2"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-6491-1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/nodejs/10.19.0~dfsg-3ubuntu1.3"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22960"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-30587"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-32006"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22931"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32222"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22939"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-32558"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-30588"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21824"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3672"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44532"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35949"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22959"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/glsa/202405-29"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22918"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-32004"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-30584"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7774"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-30589"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-32003"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22883"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22884"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35948"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44533"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-32002"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-30582"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3602"
          },
          {
            "trust": 0.1,
            "url": "https://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3786"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-30590"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-30586"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22940"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-32005"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-32559"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22930"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39135"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39134"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-30581"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37712"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-30583"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44531"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37701"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-32215"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013243"
          },
          {
            "db": "PACKETSTORM",
            "id": "168305"
          },
          {
            "db": "PACKETSTORM",
            "id": "169410"
          },
          {
            "db": "PACKETSTORM",
            "id": "168442"
          },
          {
            "db": "PACKETSTORM",
            "id": "168358"
          },
          {
            "db": "PACKETSTORM",
            "id": "168359"
          },
          {
            "db": "PACKETSTORM",
            "id": "170727"
          },
          {
            "db": "PACKETSTORM",
            "id": "175817"
          },
          {
            "db": "PACKETSTORM",
            "id": "178512"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-678"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32215"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2022-32215"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013243"
          },
          {
            "db": "PACKETSTORM",
            "id": "168305"
          },
          {
            "db": "PACKETSTORM",
            "id": "169410"
          },
          {
            "db": "PACKETSTORM",
            "id": "168442"
          },
          {
            "db": "PACKETSTORM",
            "id": "168358"
          },
          {
            "db": "PACKETSTORM",
            "id": "168359"
          },
          {
            "db": "PACKETSTORM",
            "id": "170727"
          },
          {
            "db": "PACKETSTORM",
            "id": "175817"
          },
          {
            "db": "PACKETSTORM",
            "id": "178512"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-678"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32215"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-09-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-013243"
          },
          {
            "date": "2022-09-08T14:41:32",
            "db": "PACKETSTORM",
            "id": "168305"
          },
          {
            "date": "2022-10-18T22:30:49",
            "db": "PACKETSTORM",
            "id": "169410"
          },
          {
            "date": "2022-09-21T13:47:04",
            "db": "PACKETSTORM",
            "id": "168442"
          },
          {
            "date": "2022-09-13T15:43:41",
            "db": "PACKETSTORM",
            "id": "168358"
          },
          {
            "date": "2022-09-13T15:43:55",
            "db": "PACKETSTORM",
            "id": "168359"
          },
          {
            "date": "2023-01-25T16:09:12",
            "db": "PACKETSTORM",
            "id": "170727"
          },
          {
            "date": "2023-11-21T16:00:44",
            "db": "PACKETSTORM",
            "id": "175817"
          },
          {
            "date": "2024-05-09T15:46:44",
            "db": "PACKETSTORM",
            "id": "178512"
          },
          {
            "date": "2022-07-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202207-678"
          },
          {
            "date": "2022-07-14T15:15:08.387000",
            "db": "NVD",
            "id": "CVE-2022-32215"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-09-06T08:23:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-013243"
          },
          {
            "date": "2023-02-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202207-678"
          },
          {
            "date": "2023-11-07T03:47:46.577000",
            "db": "NVD",
            "id": "CVE-2022-32215"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "175817"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-678"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "llhttp\u00a0 of \u00a0llhttp\u00a0 in products from other multiple vendors \u00a0HTTP\u00a0 Request Smuggling Vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013243"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "environmental issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-678"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202302-0195

    Vulnerability from variot - Updated: 2024-07-23 19:21

    The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack.

    The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected.

    These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0.

    The OpenSSL asn1parse command line application is also impacted by this issue. In summary, OpenSSL contains a double free vulnerability: when a crafted PEM file yields 0 bytes of payload data, PEM_read_bio_ex() returns a failure code but leaves a pointer to an already freed buffer in the header argument. An attacker who supplies a malicious PEM file for parsing may cause a denial of service (crash). Bugs fixed (https://bugzilla.redhat.com/):

    2212085 - CVE-2023-3089 openshift: OCP & FIPS mode

    1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    =====================================================================
    Red Hat Security Advisory

    Synopsis: Important: OpenShift Container Platform 4.13.0 security update
    Advisory ID: RHSA-2023:1326-01
    Product: Red Hat OpenShift Enterprise
    Advisory URL: https://access.redhat.com/errata/RHSA-2023:1326
    Issue date: 2023-05-17
    CVE Names: CVE-2021-4235 CVE-2021-4238 CVE-2021-20329 CVE-2021-38561 CVE-2021-43519 CVE-2021-44964 CVE-2022-1271 CVE-2022-1586 CVE-2022-1587 CVE-2022-1785 CVE-2022-1897 CVE-2022-1927 CVE-2022-2509 CVE-2022-2990 CVE-2022-3080 CVE-2022-3259 CVE-2022-4203 CVE-2022-4304 CVE-2022-4450 CVE-2022-21698 CVE-2022-23525 CVE-2022-23526 CVE-2022-26280 CVE-2022-27191 CVE-2022-29154 CVE-2022-29824 CVE-2022-34903 CVE-2022-38023 CVE-2022-38177 CVE-2022-38178 CVE-2022-40674 CVE-2022-41316 CVE-2022-41717 CVE-2022-41721 CVE-2022-41723 CVE-2022-41724 CVE-2022-41725 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42898 CVE-2022-42919 CVE-2022-46146 CVE-2022-47629 CVE-2023-0056 CVE-2023-0215 CVE-2023-0216 CVE-2023-0217 CVE-2023-0229 CVE-2023-0286 CVE-2023-0361 CVE-2023-0401 CVE-2023-0620 CVE-2023-0665 CVE-2023-0778 CVE-2023-25000 CVE-2023-25165 CVE-2023-25173 CVE-2023-25577 CVE-2023-25725 CVE-2023-25809 CVE-2023-27561 CVE-2023-28642 CVE-2023-30570 CVE-2023-30841
    =====================================================================

    1. Summary:

    Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements.

    This release includes a security update for Red Hat OpenShift Container Platform 4.13.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Description:

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

    This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.0. See the following advisory for the RPM packages for this release:

    https://access.redhat.com/errata/RHSA-2023:1325

    Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

    https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

    Security Fix(es):

    • goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be (CVE-2021-4238)

    • go-yaml: Denial of Service in go-yaml (CVE-2021-4235)

    • mongo-go-driver: specific cstrings input may not be properly validated (CVE-2021-20329)

    • golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)

    • prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)

    • helm: Denial of service through repository index file (CVE-2022-23525)

    • helm: Denial of service through schema file (CVE-2022-23526)

    • golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)

    • vault: insufficient certificate revocation list checking (CVE-2022-41316)

    • golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)

    • x/net/http2/h2c: request smuggling (CVE-2022-41721)

    • net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)

    • golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)

    • golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)

    • exporter-toolkit: authentication bypass via cache poisoning (CVE-2022-46146)

    • vault: Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File (CVE-2023-0620)

    • hashicorp/vault: Vault’s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata (CVE-2023-0665)

    • hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations (CVE-2023-25000)

    • helm: getHostByName Function Information Disclosure (CVE-2023-25165)

    • containerd: Supplementary groups are not set up properly (CVE-2023-25173)

    • runc: volume mount race condition (regression of CVE-2019-19921) (CVE-2023-27561)

    • runc: AppArmor can be bypassed when /proc inside the container is symlinked with a specific mount configuration (CVE-2023-28642)

    • baremetal-operator: plain-text username and hashed password readable by anyone having a cluster-wide read-access (CVE-2023-30841)

    • runc: Rootless runc makes /sys/fs/cgroup writable (CVE-2023-25809)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

    1. Solution:

    For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

    https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

    You may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags

    The sha values for the release are:

    (For x86_64 architecture) The image digest is sha256:74b23ed4bbb593195a721373ed6693687a9b444c97065ce8ac653ba464375711

    (For s390x architecture) The image digest is sha256:a32d509d960eb3e889a22c4673729f95170489789c85308794287e6e9248fb79

    (For ppc64le architecture) The image digest is sha256:bca0e4a4ed28b799e860e302c4f6bb7e11598f7c136c56938db0bf9593fb76f8

    (For aarch64 architecture) The image digest is sha256:e07e4075c07fca21a1aed9d7f9c165696b1d0fa4940a219a000894e5683d846c

    All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1770297 - console odo download link needs to go to an official location or have caveats [openshift-4.4] 1853264 - Metrics produce high unbound cardinality 1877261 - [RFE] Mounted volume size issue when restore a larger size pvc than snapshot 1904573 - OpenShift: containers modify /etc/passwd group writable 1943194 - when using gpus, more nodes than needed are created by the node autoscaler 1948666 - After entering valid git repo url on Import from git page, throwing warning message instead Validated 1971033 - CVE-2021-20329 mongo-go-driver: specific cstrings input may not be properly validated 2005232 - Pods list page should only show Create Pod button to user has sufficient permission 2016006 - Repositories list does not show the running pipelinerun as last pipelinerun 2027000 - The user is ignored when we create a new file using a MachineConfig 2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 2047299 - nodeport not reachable port connection timeout 2050230 - Implement LIST call chunking in openshift-sdn 2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server 2065166 - GCP - Less privileged service accounts are created with Service Account User role 2066388 - Wrong Error generates when https is missing in the value of regionEndpoint in configs.imageregistry.operator.openshift.io/cluster 2066664 - [cluster-storage-operator] - Minimize wildcard/privilege Usage in Cluster and Local Roles 2070744 - openshift-install destroy in us-gov-west-1 results in infinite loop - AWS govcloud 2075548 - Support AllocateLoadBalancerNodePorts=False with ETP=local, LGW mode 2076619 - Could not create deployment with an unknown git repo and builder image build strategy 2078222 - egressIPs behave inconsistently towards in-cluster traffic (hosts and services backed by host-networked pods) 2079981 - PVs not deleting on azure (or very slow to delete) since CSI migration to azuredisk 2081858 - OVN-Kubernetes: 
SyncServices for nodePortWatcherIptables should propagate failures back to caller 2083087 - "Delete dependent objects of this resource" might cause confusions 2084452 - PodDisruptionBudgets help message should be semantic 2087043 - Cluster API components should use K8s 1.24 dependencies 2087553 - No rhcos-4.11/x86_64 images in the 2 new regions on alibabacloud, "ap-northeast-2 (South Korea (Seoul))" and "ap-southeast-7 (Thailand (Bangkok))" 2089093 - CVO hotloops on OperatorGroup due to the diff of "upgradeStrategy": string("Default") 2089138 - CVO hotloops on ValidatingWebhookConfiguration /performance-addon-operator 2090680 - upgrade for a disconnected cluster get hang on retrieving and verifying payload 2092567 - Network policy is not being applied as expected 2092811 - Datastore name is too long 2093339 - [rebase v1.24] Only known images used by tests 2095719 - serviceaccounts are not updated after upgrade from 4.10 to 4.11 2100181 - WebScale: configure-ovs.sh fails because it picks the wrong default interface 2100429 - [apiserver-auth] default SCC restricted allow volumes don't have "ephemeral" caused deployment with Generic Ephemeral Volumes stuck at Pending 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 2104978 - MCD degrades are not overwrite-able by subsequent errors 2110565 - PDB: Remove add/edit/remove actions in Pod resource action menu 2110570 - Topology sidebar: Edit pod count shows not the latest replicas value when edit the count again 2110982 - On GCP, need to check load balancer health check IPs required for restricted installation 2113973 - operator scc is nor fixed when we define a custom scc with readOnlyRootFilesystem: true 2114515 - Getting critical NodeFilesystemAlmostOutOfSpace alert for 4K tmpfs 2115265 - Search page: LazyActionMenus are shown below Add/Remove from navigation button 2116686 - [capi] Cluster kind should be valid 2117374 - Improve Pod Admission failure for restricted-v2 denials 
    that pass with restricted 2135339 - CVE-2022-41316 vault: insufficient certificate revocation list checking 2149436 - CVE-2022-46146 exporter-toolkit: authentication bypass via cache poisoning 2154196 - CVE-2022-23526 helm: Denial of service through schema file 2154202 - CVE-2022-23525 helm: Denial of service through repository index file 2156727 - CVE-2021-4235 go-yaml: Denial of Service in go-yaml 2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be 2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 2162182 - CVE-2022-41721 x/net/http2/h2c: request smuggling 2168458 - CVE-2023-25165 helm: getHostByName Function Information Disclosure 2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly 2175721 - CVE-2023-27561 runc: volume mount race condition (regression of CVE-2019-19921) 2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption 2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics 2182883 - CVE-2023-28642 runc: AppArmor can be bypassed when /proc inside the container is symlinked with a specific mount configuration 2182884 - CVE-2023-25809 runc: Rootless runc makes /sys/fs/cgroup writable 2182972 - CVE-2023-25000 hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations 2182981 - CVE-2023-0665 hashicorp/vault: Vault’s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata 2184663 - CVE-2023-0620 vault: Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File 2190116 - CVE-2023-30841 baremetal-operator: plain-text username and hashed password readable by anyone having a cluster-wide read-access

    1. JIRA issues fixed (https://issues.jboss.org/):

    OCPBUGS-10036 - Enable aesgcm encryption provider by default in openshift/api OCPBUGS-10038 - Enable aesgcm encryption provider by default in openshift/cluster-config-operator OCPBUGS-10042 - Enable aesgcm encryption provider by default in openshift/cluster-kube-apiserver-operator OCPBUGS-10043 - Enable aesgcm encryption provider by default in openshift/cluster-openshift-apiserver-operator OCPBUGS-10044 - Enable aesgcm encryption provider by default in openshift/cluster-authentication-operator OCPBUGS-10047 - oc-mirror print log: unable to parse reference oci://mno/redhat-operator-index:v4.12 OCPBUGS-10057 - With WPC card configured as GM or BC, phc2sys clock lock state is shown as FREERUN in ptp metrics while it should be LOCKED OCPBUGS-10213 - aws: mismatch between RHCOS and AWS SDK regions OCPBUGS-10220 - Newly provisioned machines unable to join cluster OCPBUGS-10221 - Risk cache warming takes too long on channel changes OCPBUGS-10237 - Limit the nested repository path while mirroring the images using oc-mirror for those who cant have nested paths in their container registry OCPBUGS-10239 - [release-4.13] Fix of ServiceAccounts gathering OCPBUGS-10249 - PollConsoleUpdates won't fire toast if one or more manifests errors when plugins change OCPBUGS-10267 - NetworkManager TUI quits regardless of a detected unsupported configuration OCPBUGS-10271 - [4.13] Netflink overflow alert OCPBUGS-10278 - Graph-data is not mounted on graph-builder correctly while install using graph-data image built by oc-mirror OCPBUGS-10281 - Openshift Ansible OVS version out of sync with RHCOS OCPBUGS-10291 - Broken link for Ansible tagging OCPBUGS-10298 - TenantID is ignored in some cases OCPBUGS-10320 - Catalogs should not be included in the ImageContentSourcePolicy.yaml OCPBUGS-10321 - command cannot be worked after chroot /host for oc debug pod OCPBUGS-1033 - Multiple extra manifests in the same file are not applied correctly OCPBUGS-10334 - Nutanix cloud-controller-manager pod 
not have permission to get/list ConfigMap OCPBUGS-10353 - kube-apiserver not receiving or processing shutdown signal after coreos 9.2 bump OCPBUGS-10367 - Pausing pools in OCP 4.13 will cause critical alerts to fire OCPBUGS-10377 - [gcp] IPI installation with Shielded VMs enabled failed on restarting the master machines OCPBUGS-10404 - Workload annotation missing from deployments OCPBUGS-10421 - RHCOS 4.13 live iso x84_64 contains restrictive policy.json OCPBUGS-10426 - node-topology is not exported due to kubelet.sock: connect: permission denied OCPBUGS-10427 - 4.1 born cluster fails to scale-up due to podman run missing --authfile flag OCPBUGS-10432 - CSI Inline Volume admission plugin does not log object name correctly OCPBUGS-10440 - OVN IPSec - does not create IPSec tunnels OCPBUGS-10474 - OpenShift pipeline TaskRun(s) column Duration is not present as column in UI OCPBUGS-10476 - Disable netlink mode of netclass collector in Node Exporter. OCPBUGS-1048 - if tag categories don't exist, the installation will fail to bootstrap OCPBUGS-10483 - [4.13 arm64 image][AWS EFS] Driver fails to get installed/exec format error OCPBUGS-10558 - MAPO failing to retrieve flavour information after rotating credentials OCPBUGS-10585 - [4.13] Request to update RHCOS installer bootimage metadata OCPBUGS-10586 - Console shows x509 error when requesting token from oauth endpoint OCPBUGS-10597 - The agent-tui shows again during the installation OCPBUGS-1061 - administrator console, monitoring-alertmanager-edit user list or create silence, "Observe - Alerting - Silences" page is pending OCPBUGS-10645 - 4.13: Operands running management side missing affinity, tolerations, node selector and priority rules than the operator OCPBUGS-10656 - create image command erroneously logs that Base ISO was obtained from release OCPBUGS-10657 - When releaseImage is a digest the create image command generates spurious warning OCPBUGS-10658 - Wrong PrimarySubnet in OpenstackProviderSpec when using 
Failure Domains OCPBUGS-10661 - machine API operator failing with No Major.Minor.Patch elements found OCPBUGS-10678 - Developer catalog shows ImageStreams as samples which has no sampleRepo OCPBUGS-10679 - Show type of sample on the samples view OCPBUGS-10689 - [IPI on BareMetal]: Workers failing inspection when installing with proxy OCPBUGS-10697 - [release-4.13] User is allowed to create IP Address pool with duplicate entries for namespace and matchExpression for serviceSelector and namespaceSelector OCPBUGS-10698 - [release-4.13] Already assigned IP address is removed from a service on editing the ip address pool. OCPBUGS-10710 - Metal virtual media job permafails during early bootstrap OCPBUGS-10716 - Image Registry default to Removed on IBM cloud after 4.13.0-ec.3 OCPBUGS-10739 - [4.13] Bootimage bump tracker OCPBUGS-10744 - [4.13] EgressFirewall status disappeared OCPBUGS-10746 - Downstream Operator-SDK v1.22.2 to OCP 4.13 OCPBUGS-10771 - upgrade test failure with "Cluster operator control-plane-machine-set is not available" OCPBUGS-10773 - TestNewAppRun unit test failing OCPBUGS-10792 - Hypershift namespace servicemonitor has wrong API group OCPBUGS-10793 - Ignore device list missing in Node Exporter OCPBUGS-10796 - [4.13] Egress firewall is not retried on error OCPBUGS-10799 - Network policy perf improvements OCPBUGS-10801 - [4.13] Upgrade to 4.10 stalled on timeout completing syncEgressFirewall OCPBUGS-10811 - Missing vCenter build number in telemetry OCPBUGS-10813 - SCOS bootstrap should skip pivot when root is not writable OCPBUGS-10826 - RHEL 9.2 doesn't contain the kernel-abi-whitelists package. 
OCPBUGS-10832 - Edit Deployment (and DC) form doesn't enable Save button when changing strategy type OCPBUGS-10833 - update the default pipelineRun template name OCPBUGS-10834 - [OVNK] [IC] Having only one leader election in the master process OCPBUGS-10873 - OVN to OVN-H migration seems broken OCPBUGS-10888 - oauth-server fails to invalidate cache, causing non existing groups being referenced OCPBUGS-10890 - Hypershift replace upgrade: node in NotReady after upgrading from a 4.14 image to another 4.14 image OCPBUGS-10891 - Cluster Autoscaler balancing similar nodes test fails randomly OCPBUGS-10892 - Passwords printed in log messages OCPBUGS-10893 - Remove unsupported warning in oc-mirror when using the --skip-pruning flag OCPBUGS-10902 - [IBMCloud] destroyed the private cluster, fail to cleanup the dns records OCPBUGS-10903 - [IBMCloud] fail to ssh to master/bootstrap/worker nodes from the bastion inside a customer vpc. OCPBUGS-10907 - move to rhel9 in DTK for 4.13 OCPBUGS-10914 - Node healthz server: return unhealthy when pod is to be deleted OCPBUGS-10919 - Update Samples Operator to use latest jenkins 4.12 release OCPBUGS-10923 - Cluster bootstrap waits for only one master to join before finishing OCPBUGS-10929 - Kube 1.26 for ovn-k OCPBUGS-10946 - For IPv6-primary dual-stack cluster, kubelet.service renders only single node-ip OCPBUGS-10951 - When imagesetconfigure without OCI FBC format config, but command with use-oci-feature flag, the oc-mirror command should check the imagesetconfigure firstly and print error immediately OCPBUGS-10953 - ovnkube-node does not close up correctly OCPBUGS-10955 - [release-4.13] NMstate complains about ping not working when adding multiple routing tables with different gateways OCPBUGS-10960 - [4.13] Vertical Scaling: do not trigger inadvertent machine deletion during bootstrap OCPBUGS-10965 - The network-tools image stream is missing in the cluster samples OCPBUGS-10982 - [4.13] nodeSelector in EgressFirewall doesn't work in 
dualstack cluster OCPBUGS-10989 - Agent create sub-command is returning fatal error OCPBUGS-10990 - EgressIP doesn't work in GCP XPN cluster OCPBUGS-11004 - Bootstrap kubelet client cert should include system:serviceaccounts group OCPBUGS-11010 - [vsphere] zone cluster installation fails if vSphere Cluster is embedded in Folder OCPBUGS-11022 - [4.13][scale] all egressfirewalls will be updated on every node update OCPBUGS-11023 - [4.13][scale] Ingress network policy creates more flows than before OCPBUGS-11031 - SNO OCP upgrade from 4.12 to 4.13 failed due to node-tuning operator is not available - tuned pod stuck at Terminating OCPBUGS-11032 - Update the validation interval for the cluster transfer to 12 hours OCPBUGS-11040 - --container-runtime is being removed in k8s 1.27 OCPBUGS-11054 - GCP: add europe-west12 region to the survey as supported region OCPBUGS-11055 - APIServer service isn't selected correctly for PublicAndPrivate cluster when external-dns is not configured OCPBUGS-11058 - [4.13] Conmon leaks symbolic links in /var/run/crio when pods are deleted OCPBUGS-11068 - nodeip-configuration not enabled for VSphere UPI OCPBUGS-11107 - Alerts display incorrect source when adding external alert sources OCPBUGS-11117 - The provided gcc RPM inside DTK does not match the gcc used to build the kernel OCPBUGS-11120 - DTK docs should mention the ubi9 base image instead of ubi8 OCPBUGS-11213 - BMH moves to deleting before all finalizers are processed OCPBUGS-11218 - "pipelines-as-code-pipelinerun-go" configMap is not been used for the Go repository OCPBUGS-11222 - kube-controller-manager cluster operator is degraded due connection refused while querying rules OCPBUGS-11227 - Relax CSR check due to k8s 1.27 changes OCPBUGS-11232 - All projects options shows as undefined after selection in Dev perspective Pipelines page OCPBUGS-11248 - Secret name variable get renders in Create Image pull secret alert OCPBUGS-1125 - Fix disaster recovery test 
[sig-etcd][Feature:DisasterRecovery][Disruptive] [Feature:EtcdRecovery] Cluster should restore itself after quorum loss [Serial] OCPBUGS-11257 - egressip cannot be assigned on hypershift hosted cluster node OCPBUGS-11261 - [AWS][4.13] installer get stuck if BYO private hosted zone is configured OCPBUGS-11263 - PTP KPI version 4.13 RC2 WPC - offset jumps to huge numbers OCPBUGS-11307 - Egress firewall node selector test missing OCPBUGS-11333 - startupProbe for UWM prometheus is still 15m OCPBUGS-11339 - ose-ansible-operator base image version is still 4.12 in the operators that generated by operator-sdk 4.13 OCPBUGS-11340 - ose-helm-operator base image version is still 4.12 in the operators that generated by operator-sdk 4.13 OCPBUGS-11341 - openshift-manila-csi-driver is missing the workload.openshift.io/allowed label OCPBUGS-11354 - CPMS: node readiness transitions not always trigger reconcile OCPBUGS-11384 - Switching from enabling realTime to disabling Realtime Workloadhint causes stalld to be enabled OCPBUGS-11390 - Service Binding Operator installation fails: "A subscription for this operator already exists in namespace ..." 
    OCPBUGS-11424 - [release-4.13] new whereabouts reconciler relies on HOSTNAME which != spec.nodeName OCPBUGS-11427 - [release-4.13] whereabouts reads wrong annotation "k8s.v1.cni.cncf.io/networks-status", should be "k8s.v1.cni.cncf.io/network-status" OCPBUGS-11456 - PTP - When GM and downstream slaves are configured on same server, ptp metrics show slaves as FREERUN OCPBUGS-11458 - Ingress Takes 40s on Average Downtime During GCP OVN Upgrades OCPBUGS-11460 - CPMS doesn't always generate configurations for AWS OCPBUGS-11468 - Community operator cannot be mirrored due to malformed image address OCPBUGS-11469 - [release4.13] "exclude bundles with olm.deprecated property when rendering" not backport OCPBUGS-11473 - NS autolabeler requires RoleBinding subject namespace to be set when using ServiceAccount OCPBUGS-11485 - [4.13] NVMe disk by-id rename breaks LSO/ODF OCPBUGS-11503 - Update 4.13 cluster-network-operator image in Dockerfile to be consistent with ART OCPBUGS-11506 - CPMS e2e periodics tests timeout failures OCPBUGS-11507 - Potential 4.12 to 4.13 upgrade failure due to NIC rename OCPBUGS-11510 - Setting cpu-quota.crio.io to disable with crun causes container creation to fail OCPBUGS-11511 - [4.13] static container pod cannot be running due to CNI request failed with status 400 OCPBUGS-11529 - [Azure] fail to collect the vm serial log with 'gather bootstrap'
OCPBUGS-11536 - Cluster monitoring operator runs node-exporter with btrfs collector OCPBUGS-11545 - multus-admission-controller should not run as root under Hypershift-managed CNO OCPBUGS-11558 - multus-admission-controller should not run as root under Hypershift-managed CNO OCPBUGS-11589 - Ensure systemd is compatible with rhel8 journalctl OCPBUGS-11598 - openshift-azure-routes triggered continously on rhel9 OCPBUGS-11606 - User configured In-cluster proxy configuration squashed in hypershift OCPBUGS-11643 - Updating kube-rbac-proxy images to be consistent with ART OCPBUGS-11657 - [4.13] Static IPv6 LACP bonding is randomly failing in RHCOS 413.92 OCPBUGS-11659 - Error extracting libnmstate.so.1.3.3 when create image OCPBUGS-11661 - AWS s3 policy changes block all OCP installs on AWS OCPBUGS-11669 - Bump to kubernetes 1.26.3 OCPBUGS-11683 - [4.13] Add Controller health to CEO liveness probe OCPBUGS-11694 - [4.13] Update legacy toolbox to use registry.redhat.io/rhel9/support-tools OCPBUGS-11706 - ccoctl cannot create STS documents in 4.10-4.13 due to s3 policy changes OCPBUGS-11750 - TuningCNI cnf-test failure: sysctl allowlist update OCPBUGS-11765 - [4.13] Keep current OpenSSH default config in RHCOS 9 OCPBUGS-11776 - [4.13] VSphereStorageDriver does not document the platform default OCPBUGS-11778 - Upgrade SNO: no resolv.conf caused by failure in forcedns dispatcher script OCPBUGS-11787 - Update 4.14 ose-vmware-vsphere-csi-driver image to be consistent with ART OCPBUGS-11789 - [4.13] Bootimage bump tracker OCPBUGS-11799 - [4.13] Bootimage bump tracker OCPBUGS-11823 - [Reliability]kube-apiserver's memory usage keep increasing to max 3GB in 7 days OCPBUGS-11848 - PtpOperatorsConfig not applying correctly OCPBUGS-11866 - Pipeline is not removed when Deployment/DC/Knative Service or Application is deleted OCPBUGS-11870 - [4.13] Nodes in Ironic are created without namespaces initially OCPBUGS-11876 - oc-mirror generated file-based catalogs crashloop OCPBUGS-11908 - 
Got the file exists error when different digest direct to the same tag OCPBUGS-11917 - the warn message won't disappear in co/node-tuning when scale down machineset OCPBUGS-11919 - Console metrics could have a high cardinality (4.13) OCPBUGS-11950 - fail to create vSphere IPI cluster as apiVIP and ingressVIP are not in machine networks OCPBUGS-11955 - NTP config not applied OCPBUGS-11968 - Instance shouldn't be moved back from f to a OCPBUGS-11985 - [4.13] Ironic inspector service should be proxied OCPBUGS-12172 - Users don't know what type of resource is being created by Import from Git or Deploy Image flows OCPBUGS-12179 - agent-tui is failing to start when using libnmstate.2 OCPBUGS-12186 - Pipeline doesn't render correctly when displayed but looks fine in edit mode OCPBUGS-12198 - create hosted cluster failed with aws s3 access issue OCPBUGS-12212 - cluster failed to convert from dualstack to ipv4 single stack OCPBUGS-12225 - Add new OCP 4.13 storage admission plugin OCPBUGS-12257 - Catalogs rebuilt by oc-mirror are in crashloop : cache is invalid OCPBUGS-12259 - oc-mirror fails to complete with heads only complaining about devworkspace-operator OCPBUGS-12271 - Hypershift conformance test fails new cpu partitioning tests OCPBUGS-12272 - Importing a kn Service shows a non-working Open URL decorator also when the Add Route checkbox was unselected OCPBUGS-12273 - When Creating Sample Devfile from the Samples Page, Topology Icon is not set OCPBUGS-12450 - [4.13] Fix Flake TestAttemptToScaleDown/scale_down_only_by_one_machine_at_a_time OCPBUGS-12465 - --use-oci-feature leads to confusion and needs to be better named OCPBUGS-12478 - CSI driver + operator containers are not pinned to mgmt cores OCPBUGS-1264 - e2e-vsphere-zones failing due to unable to parse cloud-config OCPBUGS-12698 - redfish-virtualmedia mount not working OCPBUGS-12703 - redfish-virtualmedia mount not working OCPBUGS-12708 - [4.13] Changing a PreprovisioningImage ImageURL and/or ExtraKernelParams 
should reboot the host OCPBUGS-1272 - "opm alpha render-veneer basic" doesn't support pipe stdin OCPBUGS-12737 - Multus admission controller must have "hypershift.openshift.io/release-image" annotation when CNO is managed by Hypershift OCPBUGS-12786 - OLM CatalogSources in guest cluster cannot pull images if pre-GA OCPBUGS-12804 - Dual stack VIPs incompatible with EnableUnicast setting OCPBUGS-12854 - cluster-reader role cannot access "k8s.ovn.org" API Group resources OCPBUGS-12862 - IPv6 ingress VIP not configured in keepalived on vSphere Dual-stack OCPBUGS-12865 - Kubernetes-NMState CI is perma-failing OCPBUGS-12933 - Node Tuning Operator crashloops when in Hypershift mode OCPBUGS-12994 - TCP DNS Local Preference is not working for Openshift SDN OCPBUGS-12999 - Backport owners through 4.13, 4.12 OCPBUGS-13029 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13 OCPBUGS-13057 - ppc64le releases don't install because ovs fails to start (invalid permissions) OCPBUGS-13069 - [whereabouts-cni] CNO must use reconciliation controller in order to support dual stack in 4.12 [4.13 dependency] OCPBUGS-13071 - CI fails on TestClientTLS OCPBUGS-13072 - Capture tests don't work in OVNK OCPBUGS-13076 - Load balancers/ Ingress controller removal race condition OCPBUGS-13157 - CI fails on TestRouterCompressionOperation OCPBUGS-13254 - Nutanix cloud provider should use Kubernetes 1.26 dependencies OCPBUGS-1327 - [IBMCloud] Worker machines unreachable during initial bring up OCPBUGS-1352 - OVN silently failing in case of a stuck pod OCPBUGS-1427 - Ignore non-ready endpoints when processing endpointslices OCPBUGS-1428 - service account token secret reference OCPBUGS-1435 - [Ingress Node Firewall Operator] [Web Console] Allow user to override namespace where the operator is installed, currently user can install it only in openshift-operators ns OCPBUGS-1443 - Unable to get ClusterVersion error while upgrading 4.11 to 4.12 OCPBUGS-1453 - TargetDown alert expression 
is NOT correctly joining kube-state-metrics metric OCPBUGS-1458 - cvo pod crashloop during bootstrap: featuregates: connection refused OCPBUGS-1486 - Avoid re-metric'ing the pods that are already setup when ovnkube-master disrupts/reinitializes/restarts/goes through leader election OCPBUGS-1557 - Default to floating automaticRestart for new GCP instances OCPBUGS-1560 - [vsphere] installation fails when only configure single zone in install-config OCPBUGS-1565 - Possible split brain with keepalived unicast OCPBUGS-1566 - Automation Offline CPUs Test cases OCPBUGS-1577 - Incorrect network configuration in worker node with two interfaces OCPBUGS-1604 - Common resources out-of-date when using multicluster switcher OCPBUGS-1606 - Multi-cluster: We should not filter OLM catalog by console pod architecture and OS on managed clusters OCPBUGS-1612 - [vsphere] installation errors out when missing topology in a failure domain OCPBUGS-1617 - Remove unused node.kubernetes.io/not-reachable toleration OCPBUGS-1627 - [vsphere] installation fails when setting user-defined folder in failure domain OCPBUGS-1646 - [osp][octavia lb] LBs type svcs not updated until all the LBs are created OCPBUGS-166 - 4.11 SNOs fail to complete install because of "failed to get pod annotation: timed out waiting for annotations: context deadline exceeded" OCPBUGS-1665 - Scorecard failed because of the request of PodSecurity OCPBUGS-1671 - Creating a statefulset with the example image from the UI on ARM64 leads to a Pod in crashloopbackoff due to the only-amd64 image provided OCPBUGS-1704 - [gcp] when the optional Service Usage API is disabled, IPI installation cannot succeed OCPBUGS-1725 - Affinity rule created in router deployment for single-replica infrastructure and "NodePortService" endpoint publishing strategy OCPBUGS-1741 - Can't load additional Alertmanager templates with latest 4.12 OpenShift OCPBUGS-1748 - PipelineRun templates must be fetched from OpenShift namespace OCPBUGS-1761 - osImages 
that cannot be pulled do not set the node as Degraded properly OCPBUGS-1769 - gracefully fail when iam:GetRole is denied OCPBUGS-1778 - Can't install clusters with schedulable masters OCPBUGS-1791 - Wait-for install-complete did not exit upon completion. OCPBUGS-1805 - [vsphere-csi-driver-operator] CSI cloud.conf doesn't list multiple datacenters when specified OCPBUGS-1807 - Ingress Operator startup bad log message formatting OCPBUGS-1844 - Ironic dnsmasq doesn't include existing DNS settings during iPXE boot OCPBUGS-1852 - [RHOCP 4.10] Subscription tab for operator doesn't land on correct URL OCPBUGS-186 - PipelineRun task status overlaps status text OCPBUGS-1998 - Cluster monitoring fails to achieve new level during upgrade w/ unavailable node OCPBUGS-2015 - TestCertRotationTimeUpgradeable failing consistently in kube-apiserver-operator OCPBUGS-2083 - OCP 4.10.33 uses a weak 3DES cipher in the VMWare CSI Operator for communication and provides no method to disable it OCPBUGS-2088 - User can set rendezvous host to be a worker OCPBUGS-2141 - doc link in PrometheusDataPersistenceNotConfigured message is 4.8 OCPBUGS-2145 - 'maxUnavailable' and 'minAvailable' on PDB creation page - i18n misses OCPBUGS-2209 - Hard eviction thresholds is different with k8s default when PAO is enabled OCPBUGS-2248 - [alibabacloud] IPI installation failed with master nodes being NotReady and CCM error "alicloud: unable to split instanceid and region from providerID" OCPBUGS-2260 - KubePodNotReady - Increase Tolerance During Master Node Restarts OCPBUGS-2306 - On Make Serverless page, to change values of the inputs minpod, maxpod and concurrency fields, we need to click the ? + ? or ? - ', it can't be changed by typing in it. 
OCPBUGS-2319 - metal-ipi upgrade success rate dropped 30+% in last week OCPBUGS-2384 - [2035720] [IPI on Alibabacloud] deploying a private cluster by 'publish: Internal' failed due to 'dns_public_record' OCPBUGS-2440 - unknown field logs in prometheus-operator OCPBUGS-2471 - BareMetalHost is available without cleaning if the cleaning attempt fails OCPBUGS-2479 - Right border radius is 0 for the pipeline visualization wrapper in dark mode OCPBUGS-2500 - Developer Topology always blanks with large contents when first rendering OCPBUGS-2513 - Disconnected cluster installation fails with pull secret must contain auth for "registry.ci.openshift.org" OCPBUGS-2525 - [CI Watcher] Ongoing timeout failures associated with multiple CRD-extensions tests OCPBUGS-2532 - Upgrades from 4.11.9 to latest 4.12.x Nightly builds do not succeed OCPBUGS-2551 - "Error loading" when normal user check operands on All namespaces OCPBUGS-2569 - ovn-k network policy races OCPBUGS-2579 - Helm Charts and Samples are not disabled in topology actions if actions are disabled in customization OCPBUGS-266 - Project Access tab cannot differentiate between users and groups OCPBUGS-2666 - create a project link not backed by RBAC check OCPBUGS-272 - Getting duplicate word "find" when kube-apiserver degraded=true if webhook matches a virtual resource OCPBUGS-2727 - ClusterVersionRecommendedUpdate condition blocks explicitly allowed upgrade which is not in the available updates OCPBUGS-2729 - should ignore enP.* NICs from node-exporter on Azure cluster OCPBUGS-2735 - Operand List Page Layout Incorrect on small screen size. 
OCPBUGS-2738 - CVE-2022-26945 CVE-2022-30321 CVE-2022-30322 CVE-2022-30323 ose-baremetal-installer-container: various flaws [openshift-4.13.z] OCPBUGS-2824 - The dropdown list component will be covered by deployment details page on Topology page OCPBUGS-2827 - OVNK: NAT issue for packets exceeding check_pkt_larger() for NodePort services that route to hostNetworked pods OCPBUGS-2841 - Need validation rule for supported arch OCPBUGS-2845 - Unable to use application credentials for Cinder CSI after OpenStack credentials update OCPBUGS-2847 - GCP XPN should only be available with Tech Preview OCPBUGS-2851 - [OCI feature] registries.conf support in oc mirror OCPBUGS-2852 - etcd failure: failed to make etcd client for endpoints [https://[2620:52:0:1eb:367x:5axx:xxx:xxx]:2379]: context deadline exceeded OCPBUGS-2868 - Container networking pods cannot be access hosted network pods on another node in ipv6 single stack cluster OCPBUGS-2873 - Prometheus doesn't reload TLS certificate and key files on disk OCPBUGS-2886 - The LoadBalaner section shouldn't be set when using Kuryr on cloud-provider OCPBUGS-2891 - AWS Deprovision Fails with unrecognized elastic load balancing resource type listener OCPBUGS-2895 - [RFE] 4.11 Azure DiskEncryptionSet static validation does not support upper-case letters OCPBUGS-2904 - If all the actions are disabled in add page, Details on/off toggle switch to be disabled OCPBUGS-2907 - provisioning of baremetal nodes fails when using multipath device as rootDeviceHints OCPBUGS-2921 - br-ex interface not configured makes ovnkube-node Pod to crashloop OCPBUGS-2922 - 'Status' column sorting doesn't work as expected OCPBUGS-2926 - Unable to gather OpenStack console logs since kernel cmd line has no console args OCPBUGS-2934 - Ingress node firewall pod 's events container on the node causing pod in CrashLoopBackOff state when sctp module is loaded on node OCPBUGS-2941 - CIRO unable to detect swift when content-type is omitted in 204-responses 
OCPBUGS-2946 - [AWS] curl network Loadbalancer always get "Connection time out" OCPBUGS-2948 - Whereabouts CNI timesout while iterating exclude range OCPBUGS-2988 - apiserver pods cannot reach etcd on single node IPv6 cluster: transport: authentication handshake failed: x509: certificate is valid for ::1, 127.0.0.1, ::1, fd69::2, not 2620:52:0:198::10" OCPBUGS-2991 - CI jobs are failing with: admission webhook "validation.csi.vsphere.vmware.com" denied the request OCPBUGS-2992 - metal3 pod crashloops on OKD in BareMetal IPI or assisted-installer bare metal installations OCPBUGS-2994 - Keepalived monitor stuck for long period of time on kube-api call while installing OCPBUGS-2996 - [4.13] Bootimage bump tracker OCPBUGS-3018 - panic in WaitForBootstrapComplete OCPBUGS-3021 - GCP: missing me-west1 region OCPBUGS-3024 - Service list shows undefined:80 when type is ExternalName or LoadBalancer OCPBUGS-3027 - Metrics are not available when running console in development mode OCPBUGS-3029 - BareMetalHost CR fails to delete on cluster cleanup OCPBUGS-3033 - Clicking the logo in the masthead goes to /dashboards, even if metrics are disabled OCPBUGS-3041 - Guard Pod Hostnames Too Long and Truncated Down Into Collisions With Other Masters OCPBUGS-3069 - Should show information on page if the upgrade to a target version doesn't take effect. OCPBUGS-3072 - Operator-sdk run bundle with old sqllite index image failed OCPBUGS-3079 - RPS hook only sets the first queue, but there are now many OCPBUGS-3085 - [IPI-BareMetal]: Dual stack deployment failed on BootStrap stage
    OCPBUGS-3093 - The control plane should tag AWS security groups at creation OCPBUGS-3096 - The terraform binaries shipped by the installer are not statically linked OCPBUGS-3109 - Change text colour for ConsoleNotification that notifies user that the cluster is being OCPBUGS-3114 - CNO reporting incorrect status OCPBUGS-3123 - Operator attempts to render both GA and Tech Preview API Extensions OCPBUGS-3127 - nodeip-configuration retries forever on network failure, blocking ovs-configuration, spamming syslog OCPBUGS-3168 - Add Capacity button does not exist after upgrade OCP version [OCP4.11->OCP4.12] OCPBUGS-3172 - Console shouldn't try to install dynamic plugins if permissions aren't available OCPBUGS-3180 - Regression in ptp-operator conformance tests OCPBUGS-3186 - [ibmcloud] unclear error msg when zones is not match with the Subnets in BYON install OCPBUGS-3192 - [4.8][OVN] RHEL 7.9 DHCP worker ovs-configuration fails OCPBUGS-3195 - Service-ca controller exits immediately with an error on sigterm OCPBUGS-3206 - [sdn2ovn] Migration failed in vsphere cluster OCPBUGS-3207 - SCOS build fails due to pinned kernel OCPBUGS-3214 - Installer does not always add router CA to kubeconfig OCPBUGS-3228 - Broken secret created while starting a Pipeline OCPBUGS-3235 - Topology gets stuck loading OCPBUGS-3245 - ovn-kubernetes ovnkube-master containers crashlooping after 4.11.0-0.okd-2022-10-15-073651 update OCPBUGS-3248 - CVE-2022-27191 ose-installer-container: golang: crash in a golang.org/x/crypto/ssh server [openshift-4] OCPBUGS-3253 - No warning when using wait-for vs. 
agent wait-for commands OCPBUGS-3272 - Unhealthy Readiness probe failed message failing CI when ovnkube DBs are still coming up OCPBUGS-3275 - No-op: Unable to retrieve machine from node "xxx": expecting one machine for node xxx got: [] OCPBUGS-3277 - Install failure in create-cluster-and-infraenv.service OCPBUGS-3278 - Shouldn't need to put host data in platform baremetal section in installconfig OCPBUGS-3280 - Install ends in preparing-failed due to container-images-available validation OCPBUGS-3283 - remove unnecessary RBAC in KCM OCPBUGS-3292 - DaemonSet "/openshift-network-diagnostics/network-check-target" is not available OCPBUGS-3314 - 'gitlab.secretReference' disappears when the buildconfig is edited on “From View” OCPBUGS-3316 - Branch name should sanitised to match actual github branch name in repository plr list OCPBUGS-3320 - New master will be created if add duplicated failuredomains in controlplanemachineset OCPBUGS-3331 - Update dependencies in CMO release 4.13 OCPBUGS-3334 - Console should be using v1 apiVersion for ConsolePlugin model OCPBUGS-3337 - revert "force cert rotation every couple days for development" in 4.12 OCPBUGS-3338 - Environment cannot find Python OCPBUGS-3358 - Revert BUILD-407 OCPBUGS-3372 - error message is too generic when creating a silence with end time before start OCPBUGS-3373 - cluster-monitoring-view user can not list servicemonitors on "Observe -> Targets" page OCPBUGS-3377 - CephCluster and StorageCluster resources use the same paths OCPBUGS-3381 - Make ovnkube-trace work on hypershift deployments OCPBUGS-3382 - Unable to configure cluster-wide proxy OCPBUGS-3391 - seccomp profile unshare.json missing from nodes OCPBUGS-3395 - Event Source is visible without even creating knative-eventing and knative-serving. 
OCPBUGS-3404 - IngressController.spec.nodePlacement.nodeSelector.matchExpressions does not work OCPBUGS-3414 - Missing 'ImageContentSourcePolicy' and 'CatalogSource' in the oci fbc feature implementation OCPBUGS-3424 - Azure Disk CSI Driver Operator gets degraded without "CSISnapshot" capability OCPBUGS-3426 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13 OCPBUGS-3427 - Skip broken [sig-devex][Feature:ImageEcosystem] tests OCPBUGS-3438 - cloud-network-config-controller not using proxy settings of the management cluster OCPBUGS-3440 - Authentication operator doesn't respond to console being enabled OCPBUGS-3441 - Update cluster-authentication-operator not to go degraded without console OCPBUGS-3444 - [4.13] Descheduler pod is OOM killed when using descheduler-operator profiles on big clusters OCPBUGS-3456 - track rhcos-4.12 branch for fedora-coreos-config submodule OCPBUGS-3458 - Surface ClusterVersion RetrievedUpdates condition messages OCPBUGS-3465 - IBM operator needs deployment manifest fixes OCPBUGS-3473 - Allow listing crio and kernel versions in machine-os components OCPBUGS-3476 - Show Tag label and tag name if tag is detected in repository PipelineRun list and details page OCPBUGS-3480 - Baremetal Provisioning fails on HP Gen9 systems due to eTag handling OCPBUGS-3499 - Route CRD validation behavior must be the same as openshift-apiserver behavior OCPBUGS-3501 - Route CRD host-assignment behavior must be the same as openshift-apiserver behavior OCPBUGS-3502 - CRD-based and openshift-apiserver-based Route validation/defaulting must use the shared implementation OCPBUGS-3508 - masters repeatedly losing connection to API and going NotReady OCPBUGS-3524 - The storage account for the CoreOS image is publicly accessible when deploying fully private cluster on Azure OCPBUGS-3526 - oc fails to extract layers that set xattr on Darwin OCPBUGS-3539 - [OVN-provider]loadBalancer svc with monitors not working OCPBUGS-3612 - [IPI] Baremetal 
ovs-configure.sh script fails to start secondary bridge br-ex1 OCPBUGS-3621 - EUS upgrade stuck on worker pool update: error running skopeo inspect --no-tags OCPBUGS-3648 - Container security operator Image Manifest Vulnerabilities encounters runtime errors under some circumstances OCPBUGS-3659 - Expose AzureDisk metrics port over HTTPS OCPBUGS-3662 - don't enforce PSa in 4.12 OCPBUGS-3667 - PTP 4.12 Regression - CLOCK REALTIME status is locked when physical interface is down OCPBUGS-3668 - 4.12.0-rc.0 fails to deploy on VMware IPI OCPBUGS-3676 - After node's reboot some pods fail to start - deleteLogicalPort failed for pod cannot delete GR SNAT for pod OCPBUGS-3693 - Router e2e: drop template.openshift.io apigroup dependency OCPBUGS-3709 - Special characters in subject name breaks prefilling role binding form OCPBUGS-3713 - [vsphere-problem-detector] fully qualified username must be used when checking permissions OCPBUGS-3714 - 'oc adm upgrade ...' should expose ClusterVersion Failing=True OCPBUGS-3739 - Pod stuck in containerCreating state when the node on which it is running is Terminated OCPBUGS-3744 - Egress router POD creation is failing while using openshift-sdn network plugin OCPBUGS-3755 - Create Alertmanager silence form does not explain the new "Negative matcher" option OCPBUGS-3761 - Consistent e2e test failure:Events.Events: event view displays created pod OCPBUGS-3765 - [RFE] Add kernel-rpm-macros to DTK image OCPBUGS-3771 - contrib/multicluster-environment.sh needs to be updated to work with ACM cluster proxy OCPBUGS-3776 - Manage columns tooltip remains displayed after dialog is closed OCPBUGS-3777 - [Dual Stack] ovn-ipsec crashlooping due to cert signing issues OCPBUGS-3797 - [4.13] Bump OVS control plane to get "ovsdb/transaction.c: Refactor assess_weak_refs." 
OCPBUGS-3822 - Cluster-admin cannot know whether operator is fully deleted or not after normal user trigger "Delete CSV" OCPBUGS-3827 - CCM not able to remove a LB in ERROR state OCPBUGS-3877 - RouteTargetReference missing default for "weight" in Route CRD v1 schema OCPBUGS-3880 - [Ingress Node Firewall] Change the logo used for ingress node firewall operator OCPBUGS-3883 - Hosted ovnkubernetes pods are not being spread among workers evenly OCPBUGS-3896 - Console nav toggle button reports expanded in both expanded and not expanded states OCPBUGS-3904 - Delete/Add a failureDomain in CPMS to trigger update cannot work right on GCP OCPBUGS-3909 - Node is degraded when a machine config deploys a unit with content and mask=true OCPBUGS-3916 - expr for SDNPodNotReady is wrong due to there is not node label for kube_pod_status_ready OCPBUGS-3919 - Azure: unable to configure EgressIP if an ASG is set OCPBUGS-3921 - Openshift-install bootstrap operation cannot find a cloud defined in clouds.yaml in the current directory OCPBUGS-3923 - [CI] cluster-monitoring-operator produces more watch requests than expected OCPBUGS-3924 - Remove autoscaling/v2beta2 in 4.12 and later OCPBUGS-3929 - Use flowcontrol/v1beta2 for apf manifests in 4.13 OCPBUGS-3931 - When all extensions are installed, "libkadm5" rpm package is duplicated in the rpm -q command OCPBUGS-3933 - Fails to deprovision cluster when swift omits 'content-type' OCPBUGS-3945 - Handle 0600 kubeconfig OCPBUGS-3951 - Dynamic plugin extensions disappear from the UI when a codeRef fails to load OCPBUGS-3960 - Use kernel-rt from ose repo OCPBUGS-3965 - must-gather namespace should have “privileged” warn and audit pod security labels besides enforce OCPBUGS-3973 - [SNO] csi-snapshot-controller CO is degraded when upgrade from 4.12 to 4.13 and reports permissions issue. 
OCPBUGS-3974 - CIRO panics when suspended flag is nil OCPBUGS-3975 - "Failed to open directory, disabling udev device properties" in node-exporter logs OCPBUGS-3978 - AWS EBS CSI driver operator is degraded without "CSISnapshot" capability OCPBUGS-3985 - Allow PSa enforcement in 4.13 by using featuresets OCPBUGS-3987 - Some nmstate validations are skipped when NM config is in agent-config.yaml OCPBUGS-3990 - HyperShift control plane operators have wrong priorityClass OCPBUGS-3993 - egressIP annotation including two interfaces when multiple networks OCPBUGS-4000 - fix operator naming convention OCPBUGS-4008 - Console deployment does not roll out when managed cluster configmap is updated OCPBUGS-4012 - Disabled Serverless add actions should not be displayed in topology menu OCPBUGS-4026 - Endless rerender loop and a stuck browser on the add and topology page when SBO is installed OCPBUGS-4047 - [CI-Watcher] e2e test flake: Create key/value secrets Validate a key/value secret OCPBUGS-4049 - MCO reconcile fails if user replace the pull secret to empty one OCPBUGS-4052 - [ALBO] OpenShift Load Balancer Operator does not properly support cluster wide proxy OCPBUGS-4054 - cluster-ingress-operator's configurable-route controller's startup is noisy OCPBUGS-4089 - Kube-State-metrics pod fails to start due to panic OCPBUGS-4090 - OCP on OSP - Image registry is deployed with cinder instead of swift storage backend OCPBUGS-4101 - Empty/missing node-sizing SYSTEM_RESERVED_ES parameter can result in kubelet not starting OCPBUGS-4110 - Form footer buttons are misaligned in web terminal form OCPBUGS-4119 - Random SYN drops in OVS bridges of OVN-Kubernetes OCPBUGS-4166 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13 OCPBUGS-4168 - Prometheus continuously restarts due to slow WAL replay OCPBUGS-4173 - vsphere-problem-detector should re-check passwords after change OCPBUGS-4181 - Prometheus and Alertmanager incorrect ExternalURL configured OCPBUGS-4184 - Use 
mTLS authentication for all monitoring components instead of bearer token OCPBUGS-4203 - Unnecessary padding around alert atop debug pod terminal OCPBUGS-4206 - getContainerStateValue contains incorrectly internationalized text OCPBUGS-4207 - Remove debug level logging on openshift-config-operator OCPBUGS-4219 - Add runbook link to PrometheusRuleFailures OCPBUGS-4225 - [4.13] boot sequence override request fails with Base.1.8.PropertyNotWritable on Lenovo SE450 OCPBUGS-4232 - CNCC: Wrong log format for Azure locking OCPBUGS-4245 - L2 does not work if a metallb is not able to listen to arp requests on a single interface OCPBUGS-4252 - Node Terminal tab results in error OCPBUGS-4253 - Add PodNetworkConnectivityCheck for must-gather OCPBUGS-4266 - crio.service should use a more safe restart policy to provide recoverability against concurrency issues OCPBUGS-4279 - Custom Victory-Core components in monitoring ui code causing build issues OCPBUGS-4280 - Return 0 when oc import-image failed OCPBUGS-4282 - [IR-269]Can't pull sub-manifest image using imagestream of manifest list OCPBUGS-4291 - [OVN]Sometimes after reboot egress node, egress IP cannot be applied anymore. 
OCPBUGS-4293 - Specify resources.requests for operator pod OCPBUGS-4298 - Specify resources.requests for operator pod OCPBUGS-4302 - Specify resources.requests for operator pod OCPBUGS-4305 - [4.13] Improve ironic logging configuration in metal3 OCPBUGS-4317 - [IBM][4.13][Snapshot] restore size in snapshot is not the same size of pvc request size OCPBUGS-4328 - Update installer images to be consistent with ART OCPBUGS-434 - After FIPS enabled in S390X, ingress controller in degraded state OCPBUGS-4343 - Use flowcontrol/v1beta3 for apf manifests in 4.13 OCPBUGS-4347 - set TLS cipher suites in Kube RBAC sidecars OCPBUGS-4350 - CNO in HyperShift reports upgrade complete in clusteroperator prematurely OCPBUGS-4352 - [RHOCP] HPA shows different API versions in web console OCPBUGS-4357 - Bump samples operator k8s dep to 1.25.2 OCPBUGS-4359 - cluster-dns-operator corrupts /etc/hosts when fs full OCPBUGS-4367 - Debug log messages missing from output and Info messages malformed OCPBUGS-4377 - Service name search ability while creating the Route from console OCPBUGS-4401 - limit cluster-policy-controller RBAC permissions OCPBUGS-4411 - ovnkube node pod crashed after converting to a dual-stack cluster network OCPBUGS-4417 - ip-reconciler removes the overlappingrangeipreservations whether the pod is alive or not OCPBUGS-4425 - Egress FW ACL rules are invalid in dualstack mode OCPBUGS-4447 - [MetalLB Operator] The CSV needs an update to reflect the correct version of operator OCPBUGS-446 - Cannot Add a project from DevConsole in airgap mode using git importing OCPBUGS-4483 - apply retry logic to ovnk-node controllers OCPBUGS-4490 - hypershift: csi-snapshot-controller uses wrong kubeconfig OCPBUGS-4491 - hypershift: aws-ebs-csi-driver-operator uses wrong kubeconfig OCPBUGS-4492 - [4.13] The property TransferProtocolType is required for VirtualMedia.InsertMedia OCPBUGS-4502 - [4.13] [OVNK] Add support for service session affinity timeout OCPBUGS-4516 - oc-mirror does not work as 
expected relative path for OCI format copy OCPBUGS-4517 - Better to detail the --command-os of mac for oc adm release extract command OCPBUGS-4521 - all kubelet targets are down after a few hours OCPBUGS-4524 - Hold lock when deleting completed pod during update event OCPBUGS-4525 - Don't log in iterateRetryResources when there are no retry entries OCPBUGS-4535 - There is no 4.13 gcp-filestore-csi-driver-operator version for test OCPBUGS-4536 - Image registry panics while deploying OCP in eu-south-2 AWS region OCPBUGS-4537 - Image registry panics while deploying OCP in eu-central-2 AWS region OCPBUGS-4538 - Image registry panics while deploying OCP in ap-south-2 AWS region OCPBUGS-4541 - Azure: remove deprecated ADAL OCPBUGS-4546 - CVE-2021-38561 ose-installer-container: golang: out-of-bounds read in golang.org/x/text/language leads to DoS [openshift-4] OCPBUGS-4549 - Azure: replace deprecated AD Graph API OCPBUGS-4550 - [CI] console-operator produces more watch requests than expected OCPBUGS-4571 - The operator recommended namespace is incorrect after change installation mode to "A specific namespace on the cluster" OCPBUGS-4574 - Machine stuck in no phase when creating in a nonexistent zone and stuck in Deleting when deleting on GCP OCPBUGS-463 - OVN-Kubernetes should not send IPs with leading zeros to OVN OCPBUGS-4630 - Bump documentationBaseURL to 4.13 OCPBUGS-4635 - [OCP 4.13] ironic container images have old packages OCPBUGS-4638 - Support RHOBS monitoring for HyperShift in CNO OCPBUGS-4652 - Fixes for RHCOS 9 based on RHEL 9.0 OCPBUGS-4654 - Azure: UPI: Fix storage arm template to work with Galleries and MAO OCPBUGS-4659 - Network Policy executes duplicate transactions for every pod update OCPBUGS-4684 - In DeploymentConfig both the Form view and Yaml view are not in sync OCPBUGS-4689 - SNO not able to bring up Provisioning resource in 4.11.17 OCPBUGS-4691 - Topology sidebar actions doesn't show the latest resource data OCPBUGS-4692 - PTP operator: Use 
priority class node critical OCPBUGS-4700 - read-only update UX: confusing "Update blocked" pop-up OCPBUGS-4701 - read-only update UX: confusing "Control plane is hosted" banner OCPBUGS-4703 - Router can migrate to use LivenessProbe.TerminationGracePeriodSeconds OCPBUGS-4712 - ironic-proxy daemonset not deleted when provisioningNetwork is changed from Disabled to Managed/Unmanaged OCPBUGS-4724 - [4.13] egressIP annotations not present on OpenShift on Openstack multiAZ installation OCPBUGS-4725 - mapi_machinehealthcheck_short_circuit not properly reconciling causing MachineHealthCheckUnterminatedShortCircuit alert to fire OCPBUGS-4746 - Removal of detection of host kubelet kubeconfig breaks IBM Cloud ROKS OCPBUGS-4756 - OLM generates invalid component selector labels OCPBUGS-4757 - Revert Catalog PSA decisions for 4.13 (OLM) OCPBUGS-4758 - Revert Catalog PSA decisions for 4.13 (Marketplace) OCPBUGS-4769 - Old AWS boot images vs. 4.12: unknown provider 'ec2' OCPBUGS-4780 - Update openshift/builder release-4.13 to go1.19 OCPBUGS-4781 - Get Helm Release seems to be using List Releases api OCPBUGS-4793 - CMO may generate Kubernetes events with a wrong object reference OCPBUGS-4802 - Update formatting with gofmt for go1.19 OCPBUGS-4825 - Pods completed + deleted may leak OCPBUGS-4827 - Ingress Controller is missing a required AWS resource permission for SC2S region us-isob-east-1 OCPBUGS-4873 - openshift-marketplace namespace missing "audit-version" and "warn-version" PSA label OCPBUGS-4874 - Baremetal host data is still sometimes required OCPBUGS-4883 - Default Git type to other info alert should get remove after changing the git type OCPBUGS-4894 - Disabled Serverless add actions should not be displayed for Knative Service OCPBUGS-4899 - coreos-installer output not available in the logs OCPBUGS-4900 - Volume limits test broken on AWS and GCP TechPreview clusters OCPBUGS-4906 - Cross-namespace template processing is not being tested OCPBUGS-4909 - Can't reach own 
service when egress netpol are enabled OCPBUGS-4913 - Need to wait longer for VM to obtain IP from DHCP OCPBUGS-4941 - Fails to deprovision cluster when swift omits 'content-type' and there are empty containers OCPBUGS-4950 - OLM K8s Dependencies should be at 1.25 OCPBUGS-4954 - [IBMCloud] COS Reclamation prevents ResourceGroup cleanup OCPBUGS-4955 - Bundle Unpacker Using "Always" ImagePullPolicy for digests OCPBUGS-4969 - ROSA Machinepool EgressIP Labels Not Discovered OCPBUGS-4975 - Missing translation in ceph storage plugin OCPBUGS-4986 - precondition: Do not claim warnings would have blocked OCPBUGS-4997 - Agent ISO does not respect proxy settings OCPBUGS-5001 - MachineConfigControllerPausedPoolKubeletCA should have a working runbook URI OCPBUGS-501 - oc get dc fails when AllRequestBodies audit-profile is set in apiserver OCPBUGS-5010 - Should always delete the must-gather pod when run the must-gather OCPBUGS-5016 - Editing Pipeline in the ocp console to get information error OCPBUGS-5018 - Upgrade from 4.11 to 4.12 with Windows machine workers (Spot Instances) failing due to: hcnCreateEndpoint failed in Win32: The object already exists. OCPBUGS-5036 - Cloud Controller Managers do not react to changes in configuration leading to assorted errors OCPBUGS-5045 - unit test data race with egress ip tests OCPBUGS-5068 - [4.13] virtual media provisioning fails when iLO Ironic driver is used OCPBUGS-5073 - Connection reset by peer issue with SSL OAuth Proxy when route objects are created more than 80. 
OCPBUGS-5079 - [CI Watcher] pull-ci-openshift-console-master-e2e-gcp-console jobs: Process did not finish before 4h0m0s timeout OCPBUGS-5085 - Should only show the selected catalog when after apply the ICSP and catalogsource OCPBUGS-5101 - [GCP] [capi] Deletion of cluster is happening , it shouldn't be allowed OCPBUGS-5116 - machine.openshift.io API is not supported in Machine API webhooks OCPBUGS-512 - Permission denied when write data to mounted gcp filestore volume instance OCPBUGS-5124 - kubernetes-nmstate does not pass CVP tests in 4.12 OCPBUGS-5136 - provisioning on ilo4-virtualmedia BMC driver fails with error: "Creating vfat image failed: Unexpected error while running command" OCPBUGS-5140 - [alibabacloud] IPI install got bootstrap failure and without any node ready, due to enforced EIP bandwidth 5 Mbit/s OCPBUGS-5151 - Installer - provisioning interface on master node not getting ipv4 dhcp ip address from bootstrap dhcp server on OCP IPI BareMetal install OCPBUGS-5164 - Add support for API version v1beta1 for knativeServing and knativeEventing OCPBUGS-5165 - Dev Sandbox clusters uses clusterType OSD and there is no way to enforce DEVSANDBOX OCPBUGS-5182 - [azure] Fail to create master node with vm size in family ECIADSv5 and ECIASv5 OCPBUGS-5184 - [azure] Fail to create master node with vm size in standardNVSv4Family OCPBUGS-5188 - Wrong message in MCCDrainError alert OCPBUGS-5234 - [azure] Azure Stack Hub (wwt) UPI installation failed to scale up worker nodes using machinesets OCPBUGS-5235 - mapi_instance_create_failed metric cannot work when set acceleratedNetworking: true on Azure OCPBUGS-5269 - remove unnecessary RBAC in KCM: file removal OCPBUGS-5275 - remove unnecessary RBAC in OCM OCPBUGS-5287 - Bug with Red Hat Integration - 3scale - Managed Application Services causes operator-install-single-namespace.spec.ts to fail OCPBUGS-5292 - Multus: Interface name contains an invalid character / [ocp 4.13] OCPBUGS-5300 - WriteRequestBodies audit profile 
records routes/status events at RequestResponse level OCPBUGS-5306 - One old machine stuck in Deleting and many co get degraded when doing master replacement on the cluster with OVN network OCPBUGS-5346 - Reported vSphere Connection status is misleading OCPBUGS-5347 - Clusteroperator Available condition is updated every 2 mins when operator is disabled OCPBUGS-5353 - Dashboard graph should not be stacked - Kubernetes / Compute Resources / Pod Dashboard OCPBUGS-5410 - [AWS-EBS-CSI-Driver] provision volume using customer kms key couldn't restore its snapshot successfully OCPBUGS-5423 - openshift-marketplace pods cause PodSecurityViolation alert to fire OCPBUGS-5428 - Many plugin SDK extension docs are missing descriptions OCPBUGS-5432 - Downstream Operator-SDK v1.25.1 to OCP 4.13 OCPBUGS-5458 - wal: max entry size limit exceeded OCPBUGS-5465 - Context Deadline exceeded when PTP service is disabled from the switch OCPBUGS-5466 - Default CatalogSource aren't always reverted to default settings OCPBUGS-5492 - CI "[Feature:bond] should create a pod with bond interface" fail for MTU migration jobs OCPBUGS-5497 - MCDRebootError alarm disappears after 15 minutes OCPBUGS-5498 - Host inventory quick start for OCP OCPBUGS-5505 - Upgradeability check is throttled too much and with unnecessary non-determinism OCPBUGS-5508 - Report topology usage in vSphere environment via telemetry OCPBUGS-5517 - [Azure/ARO] Update Azure SDK to v63.1.0+incompatible OCPBUGS-5520 - MCDPivotError alert fires due temporary transient failures OCPBUGS-5523 - Catalog, fatal error: concurrent map read and map write OCPBUGS-5524 - Disable vsphere intree tests that exercise multiple tests OCPBUGS-5534 - [UI] When OCP and ODF are upgraded, refresh web console pop-up doesn't appear after ODF upgrade resulting in dashboard crash OCPBUGS-5540 - Typo in WTO for Milliseconds OCPBUGS-5542 - Project dropdown order is not as smart as project list page order OCPBUGS-5546 - Machine API Provider Azure should not 
modify the Machine spec OCPBUGS-5547 - Webhook Secret (1 of 2) is not removed when Knative Service is deleted OCPBUGS-5559 - add default noProxy config for Azure OCPBUGS-5733 - [Openshift Pipelines] Description of parameters are not shown in pipelinerun description page OCPBUGS-5734 - Azure: VIP 168.63.129.16 should be noProxy to all clouds except Public OCPBUGS-5736 - The main section of the page will keep loading after normal user login OCPBUGS-5759 - Deletion of BYOH Windows node hangs in Ready,SchedulingDisabled OCPBUGS-5802 - update sprig to v3 in cno OCPBUGS-5836 - Incorrect redirection when user try to download windows oc binary OCPBUGS-5842 - executes /host/usr/bin/oc OCPBUGS-5851 - [CI-Watcher]: Using OLM descriptor components deletes operand OCPBUGS-5873 - etcd_object_counts is deprecated and replaced with apiserver_storage_objects, causing "etcd Object Count" dashboard to only show OpenShift resources OCPBUGS-5888 - Failed to install 4.13 ocp on SNO with "error during syncRequiredMachineConfigPools" OCPBUGS-5891 - oc-mirror heads-only does not work with target name OCPBUGS-5903 - gather default ingress controller definition OCPBUGS-5922 - [2047299 Jira placeholder] nodeport not reachable port connection timeout OCPBUGS-5939 - revert "force cert rotation every couple days for development" in 4.13 OCPBUGS-5948 - Runtime error using API Explorer with AdmissionReview resource OCPBUGS-5949 - oc --icsp mapping scope does not match openshift icsp mapping scope OCPBUGS-5959 - [4.13] Bootimage bump tracker OCPBUGS-5988 - Degraded etcd on assisted-installer installation- bootstrap etcd is not removed properly OCPBUGS-5991 - Kube APIServer panics in admission controller OCPBUGS-5997 - Add Git Repository form shows empty permission content and non-working help link until a git url is entered OCPBUGS-6004 - apiserver pods cannot reach etcd on single node IPv6 cluster: transport: authentication handshake failed: x509: certificate is valid for ::1, 127.0.0.1, ::1, 
fd69::2, not 2620:52:0:198::10" OCPBUGS-6011 - openshift-client package has wrong version of kubectl bundled OCPBUGS-6018 - The MCO can generate a rendered config with old KubeletConfig contents, blocking upgrades OCPBUGS-6026 - cannot change /etc folder ownership inside pod OCPBUGS-6033 - metallb 4.12.0-202301042354 (OCP 4.12) refers to external image OCPBUGS-6049 - Do not show UpdateInProgress when status is Failing OCPBUGS-6053 - availableUpdates: null results in run-time error on Cluster Settings page OCPBUGS-6055 - thanos-ruler-user-workload-1 pod is getting repeatedly re-created after upgrade do 4.10.41 OCPBUGS-6063 - PVs(vmdk) get deleted when scaling down machineSet with vSphere IPI OCPBUGS-6089 - Unnecessary event reprocessing OCPBUGS-6092 - ovs-configuration.service fails - Error: Connection activation failed: No suitable device found for this connection OCPBUGS-6097 - CVO hotloops on ImageStream and logs the information incorrectly OCPBUGS-6098 - Show Git icon and URL in repository link in PLR details page should be based on the git provider OCPBUGS-6101 - Daemonset is not upgraded after operator upgrade OCPBUGS-6175 - Image registry Operator does not use Proxy when connecting to openstack OCPBUGS-6185 - Update 4.13 ose-cluster-config-operator image to be consistent with ART OCPBUGS-6187 - Update 4.13 openshift-state-metrics image to be consistent with ART OCPBUGS-6189 - Update 4.13 ose-cluster-authentication-operator image to be consistent with ART OCPBUGS-6191 - Update 4.13 ose-network-metrics-daemon image to be consistent with ART OCPBUGS-6197 - Update 4.13 ose-openshift-apiserver image to be consistent with ART OCPBUGS-6201 - Update 4.13 openshift-enterprise-pod image to be consistent with ART OCPBUGS-6202 - Update 4.13 ose-cluster-kube-apiserver-operator image to be consistent with ART OCPBUGS-6213 - Update 4.13 ose-machine-config-operator image to be consistent with ART OCPBUGS-6222 - Update 4.13 ose-alibaba-cloud-csi-driver image to be consistent 
with ART OCPBUGS-6228 - Update 4.13 coredns image to be consistent with ART OCPBUGS-6231 - Update 4.13 ose-kube-storage-version-migrator image to be consistent with ART OCPBUGS-6232 - Update 4.13 marketplace-operator image to be consistent with ART OCPBUGS-6233 - Update 4.13 ose-cluster-openshift-apiserver-operator image to be consistent with ART OCPBUGS-6234 - Update 4.13 ose-cluster-bootstrap image to be consistent with ART OCPBUGS-6235 - Update 4.13 cluster-network-operator image to be consistent with ART OCPBUGS-6238 - Update 4.13 oauth-server image to be consistent with ART OCPBUGS-6240 - Update 4.13 ose-cluster-kube-storage-version-migrator-operator image to be consistent with ART OCPBUGS-6241 - Update 4.13 operator-lifecycle-manager image to be consistent with ART OCPBUGS-6247 - Update 4.13 ose-cluster-ingress-operator image to be consistent with ART OCPBUGS-6262 - Add more logs to "oc extract" in mco-first boot service OCPBUGS-6265 - When installing SNO with bootstrap in place it takes CVO 6 minutes to acquire the leader lease OCPBUGS-6270 - Irrelevant vsphere platform data is required OCPBUGS-6272 - E2E tests: Entire pipeline flow from Builder page Start the pipeline with workspace OCPBUGS-631 - machineconfig service is failed to start because Podman storage gets corrupted OCPBUGS-6486 - Image upload fails when installing cluster OCPBUGS-6503 - admin ack test nondeterministically does a check post-upgrade OCPBUGS-6504 - IPI Baremetal Master Node in DualStack getting fd69:: address randomly, OVN CrashLoopBackOff OCPBUGS-6507 - Don't retry network policy peer pods if ips couldn't be fetched OCPBUGS-6577 - Node-exporter NodeFilesystemAlmostOutOfSpace alert exception needed OCPBUGS-6610 - Developer - Topology : 'Filter by resource' drop-down i18n misses OCPBUGS-6621 - Image registry panics while deploying OCP in ap-southeast-4 AWS region OCPBUGS-6624 - Issue deploying the master node with IPI OCPBUGS-6634 - Let the console able to build on other architectures 
and compatible with prow builds OCPBUGS-6646 - Ingress node firewall CI is broken with latest OCPBUGS-6647 - User Preferences - Applications : Resource type drop-down i18n misses OCPBUGS-6651 - Nodes unready in PublicAndPrivate / Private Hypershift setups behind a proxy OCPBUGS-6660 - Uninstall Operator? modal instructions always reference optional checkbox OCPBUGS-6663 - Platform baremetal warnings during create image when fields not defined OCPBUGS-6682 - [OVN] ovs-configuration vSphere vmxnet3 allmulti workaround is now permanent OCPBUGS-6698 - Fix conflict error message in cluster-ingress-operator's ensureNodePortService OCPBUGS-6700 - Cluster-ingress-operator's updateIngressClass function logs success message when error OCPBUGS-6701 - The ingress-operator spuriously updates ingressClass on startup OCPBUGS-6714 - Traffic from egress IPs was interrupted after Cluster patch to Openshift 4.10.46 OCPBUGS-672 - Redhat-operators are failing regularly due to startup probe timing out which in turn increases CPU/Mem usage on Master nodes OCPBUGS-6722 - s390x: failed to generate asset "Image": multiple "disk" artifacts found OCPBUGS-6730 - Pod latency spikes are observed when there is a compaction/leadership transfer OCPBUGS-6731 - Gathered Environment variables (HTTP_PROXY/HTTPS_PROXY) may contain sensible information and should be obfuscated OCPBUGS-6741 - opm fails to serve FBC if cachedir not provided OCPBUGS-6757 - Pipeline Repository (Pipeline-as-Code) list page shows an empty Event type column OCPBUGS-6760 - Couldn't update/delete cpms on gcp private cluster OCPBUGS-6762 - Enhance the user experience for the name-filter-input on Metrics target page OCPBUGS-6765 - "Delete dependent objects of this resource" might cause confusions OCPBUGS-6777 - [gcp][CORS-1988] "create manifests" without an existing "install-config.yaml" missing 4 YAML files in "/openshift" which leads to "create cluster" failure OCPBUGS-6781 - gather Machine objects OCPBUGS-6797 - Empty IBMCOS 
storage config causes operator to crashloop OCPBUGS-6799 - Repositories list does not show the running pipelinerun as last pipelinerun OCPBUGS-6809 - Uploading large layers fails with "blob upload invalid" OCPBUGS-6811 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13 OCPBUGS-6821 - Update NTO images to be consistent with ART OCPBUGS-6832 - Include openshift_apps_deploymentconfigs_strategy_total to recent_metrics OCPBUGS-6893 - Dev console doesn't finish loading for users with limited access OCPBUGS-6902 - 4.13-e2e-metal-ipi-upgrade-ovn-ipv6 on permafail OCPBUGS-6917 - MultinetworkPolicy: unknown service runtime.v1alpha2.RuntimeService OCPBUGS-6925 - Update OWNERS_ALIASES in release-4.13 branch OCPBUGS-6945 - OS Release reports incorrect version ID OCPBUGS-6953 - ovnkube-master panic nil deref OCPBUGS-6955 - panic in an ovnkube-master pod OCPBUGS-6962 - 'agent_installer' invoker not showing up in telemetry OCPBUGS-6977 - pod-identity-webhook replicas=2 is failing single node jobs OCPBUGS-6978 - Index violation on IGMP_Group during upgrade from 4.12.0 to 4.12.1 OCPBUGS-6994 - All Clusters perspective is not activated automatically when ACM is installed OCPBUGS-702 - The caBundle field of alertmanagerconfigs.monitoring.coreos.com crd is getting removed OCPBUGS-7031 - Pipelines repository list and creation form doesn't show Tech Preview status OCPBUGS-7090 - Add to navigation button in search result does nothing OCPBUGS-7102 - OLM downstream utest fails due to new release-XX+1 branch creation OCPBUGS-7106 - network-tools needs to be updated to give ovn-k master leader info OCPBUGS-7118 - OCP 4.12 does not support launching SGX enclaves OCPBUGS-7144 - On mobile screens, At pipeline details page the info alert on metrics tab is not showing correctly OCPBUGS-7149 - IPv6 multinode spoke no moving from rebooting/configuring stage OCPBUGS-7173 - [OVN] DHCP timeouts on Azure arm64, install fails OCPBUGS-7180 - [4.13] Bootimage bump tracker OCPBUGS-7186 
- [gcp][CORS-2424] with "secureBoot" enabled, after deleting control-plane machine, the new machine is created with "enableSecureBoot" being False unexpectedly OCPBUGS-7195 - [CI-Watcher] e2e issue with tests: Create Samples Page Timeout Error OCPBUGS-7199 - [CI-Watcher] e2e issue with tests: Interacting with CatalogSource page OCPBUGS-7204 - Manifests generated to multiple "results-xxx" folders when using the oci feature with OCI and nonOCI catalogs OCPBUGS-7207 - MTU migration configuration is cleaned up prematurely while in progress OCPBUGS-723 - ClusterResourceQuota values are not reflecting. OCPBUGS-7268 - [4.13] Modify the PSa pod extractor to mutate pod controller pod specs OCPBUGS-7284 - Hypershift failing new SCC conformance tests OCPBUGS-7291 - ptp keeps trying to start phc2sys even if it's configured as empty string in phc2sysOpts OCPBUGS-7293 - RHCOS 9.2 Failing to Bootstrap on Metal, OpenStack, vSphere (all baremetal runtime platforms) OCPBUGS-7300 - aws-ebs-csi-driver-operator crash loops with HC proxy configured OCPBUGS-7301 - Not possible to use certain start addresses in whereabouts IPv6 range [Backport 4.13] OCPBUGS-7308 - Download kubeconfig for ServiceAccount returns error OCPBUGS-7354 - Installation failed on Azure SDN as network is degraded OCPBUGS-7356 - Default channel on OCP 4.13 should be stable-4.13 OCPBUGS-7359 - [Azure] Replace master failed as new master did not add into lb backend OCPBUGS-736 - Kuryr uses default MTU for service network OCPBUGS-7366 - [gcp] New machine stuck in Provisioning when delete one zone from cpms on gcp with customer vpc OCPBUGS-7372 - fail early on missing node status envs OCPBUGS-7374 - set default timeouts in etcdcli OCPBUGS-7391 - Monitoring operator long delay reconciling extension-apiserver-authentication OCPBUGS-7399 - In the Edit application mode, the name of the added pipeline is not displayed anymore OCPBUGS-7408 - AzureDisk CSI driver does not compile with cachito OCPBUGS-7412 - gomod dependencies 
failures in 4.13-4.14 container builds OCPBUGS-7417 - gomod dependencies failures in 4.13-4.14 container builds OCPBUGS-7418 - Default values for Scaling fields is not set in Create Serverless function form OCPBUGS-7419 - CVO delay when setting clusterversion available status to true
    OCPBUGS-7421 - Missing i18n key for PAC section in Git import form OCPBUGS-7424 - Bump cluster-ingress-operator to k8s APIs v0.26.1 OCPBUGS-7427 - dynamic-demo-plugin.spec.ts requires 10 minutes of unnecessary wait time OCPBUGS-7438 - Egress service does not handle invalid nodeSelectors correctly OCPBUGS-7482 - Fix handling of single failure-domain (non-tagged) deployments in vsphere OCPBUGS-7483 - Hypershift installs on "platform: none" are broken OCPBUGS-7488 - test flake: should not reconcile SC when state is Unmanaged OCPBUGS-7495 - Platform type is ignored OCPBUGS-7517 - Helm page crashes on old releases with a new Secret OCPBUGS-7519 - NFS Storage Tests trigger Kernel Panic on Azure and Metal OCPBUGS-7523 - Add new AWS regions for ROSA OCPBUGS-7542 - Bump router to k8s APIs v0.26.1 OCPBUGS-7555 - Enable default sysctls for kubelet OCPBUGS-7558 - Rebase coredns to 1.10.1 OCPBUGS-7563 - vSphere install can't complete with out-of-tree CCM OCPBUGS-7579 - [azure] failed to parse client certificate when using certificate-based Service Principal with passpharse OCPBUGS-7611 - PTPOperator config transportHost with AMQ is not detected OCPBUGS-7616 - vSphere multiple in-tree test failures (non-zonal) OCPBUGS-7617 - Azure Disk volume is taking time to attach/detach OCPBUGS-7622 - vSphere UPI jobs failing with 'Managed cluster should have machine resources' OCPBUGS-7648 - Bump cluster-dns-operator to k8s APIs v0.26.1 OCPBUGS-7689 - Project Admin is able to Label project with empty string in RHOCP 4 OCPBUGS-7696 - [ Azure ]not able to deploy machine with publicIp:true OCPBUGS-7707 - /etc/NetworkManager/dispatcher.d needs to be relabeled during pivot from 8.6 to 9.2 OCPBUGS-7719 - Update to 4.13.0-ec.3 stuck on leaked MachineConfig OCPBUGS-7729 - Remove ETCD liviness probe. 
OCPBUGS-7731 - Need to cancel threads when agent-tui timeout is stopped OCPBUGS-7733 - Afterburn fails on AWS/GCP clusters born in OCP 4.1/4.2 OCPBUGS-7743 - SNO upgrade from 4.12 to 4.13 rhel9.2 is broken cause of dnsmasq default config OCPBUGS-7750 - fix gofmt check issue in network-metrics-daemon OCPBUGS-7754 - ART having trouble building olm images OCPBUGS-7774 - RawCNIConfig is printed in byte representation on failure, not human readable OCPBUGS-7785 - migrate to using Lease for leader election OCPBUGS-7806 - add "nfs-export" under PV details page OCPBUGS-7809 - sg3_utils package is missing in the assisted-installer-agent Docker file OCPBUGS-781 - ironic-proxy is using a deprecated field to fetch cluster VIP OCPBUGS-7833 - Storage tests failing in no-capabilities job OCPBUGS-7837 - hypershift: aws-ebs-csi-driver-operator uses guest cluster proxy causing PV provisioning failure OCPBUGS-7860 - [azure] message is unclear when missing clientCertificatePassword in osServicePrincipal.json OCPBUGS-7876 - [Descheduler] Enabling LifeCycleUtilization to test namespace filtering does not work OCPBUGS-7879 - Devfile isn't be processed correctly on 'Add from git repo' OCPBUGS-7896 - MCO should not add keepalived pod manifests in case of VSPHERE UPI OCPBUGS-7899 - ODF Monitor pods failing to be bounded because timeout issue with thin-csi SC OCPBUGS-7903 - Pool degraded with error: rpm-ostree kargs: signal: terminated OCPBUGS-7909 - Baremetal runtime prepender creates /etc/resolv.conf mode 0600 and bad selinux context OCPBUGS-794 - OLM version rule is not clear OCPBUGS-7940 - apiserver panics in admission controller OCPBUGS-7943 - AzureFile CSI driver does not compile with cachito OCPBUGS-7970 - [E2E] Always close the filter dropdown in listPage.filter.by OCPBUGS-799 - Reply packet for DNS conversation to service IP uses pod IP as source OCPBUGS-8066 - Create Serverless Function form breaks if Pipeline Operator is not installed OCPBUGS-8086 - Visual issues with listing 
items OCPBUGS-8243 - [release 4.13] Gather Monitoring pods' Persistent Volumes OCPBUGS-8308 - Bump openshift/kubernetes to 1.26.2 OCPBUGS-8312 - IPI on Power VS clusters cannot deploy MCO OCPBUGS-8326 - Azure cloud provider should use Kubernetes 1.26 dependencies OCPBUGS-8341 - Unable to set capabilities with agent installer based installation OCPBUGS-8342 - create cluster-manifests fails when imageContentSources is missing OCPBUGS-8353 - PXE support is incomplete OCPBUGS-8381 - Console shows x509 error when requesting token from oauth endpoint OCPBUGS-8401 - Bump openshift/origin to kube 1.26.2 OCPBUGS-8424 - ControlPlaneMachineSet: Machine's Node should be Ready to consider the Machine Ready OCPBUGS-8445 - cgroups default setting in OCP 4.13 generates extra MachineConfig OCPBUGS-8463 - OpenStack Failure domains as 4.13 TechPreview OCPBUGS-8471 - [4.13] egress firewall only createas 1 acl for long namespace names OCPBUGS-8475 - TestBoundTokenSignerController causes unrecoverable disruption in e2e-gcp-operator CI job OCPBUGS-8481 - CAPI rebases 4.13 backports OCPBUGS-8490 - agent-tui: display additional checks only when primary check fails OCPBUGS-8498 - aws-ebs-csi-driver-operator ServiceAccount does not include the HCP pull-secret in its imagePullSecrets OCPBUGS-8505 - [4.13] egress firewall acls are deleted on restart OCPBUGS-8511 - [4.13+ ONLY] Don't use port 80 in bootstrap IPI bare metal OCPBUGS-855 - When setting allowedRegistries urls the openshift-samples operator is degraded OCPBUGS-859 - monitor not working with UDP lb when externalTrafficPolicy: Local OCPBUGS-860 - CSR are generated with incorrect Subject Alternate Names OCPBUGS-8699 - Metal IPI Install Rate Below 90% OCPBUGS-8701 - oc patch project not working with OCP 4.12 OCPBUGS-8702 - OKD SCOS: remove workaround for rpm-ostree auth OCPBUGS-8703 - fails to switch to kernel-rt with rhel 9.2 OCPBUGS-8710 - [4.13] don't enforce PSa in 4.13 OCPBUGS-8712 - AES-GCM encryption at rest is not supported by 
kube-apiserver-operator OCPBUGS-8719 - Allow the user to scroll the content of the agent-tui details view OCPBUGS-8741 - [4.13] Pods in same deployment will have different ability to query services in same namespace from one another; ocp 4.10 OCPBUGS-8742 - Origin tests should not specify readyz as the health check path OCPBUGS-881 - fail to create install-config.yaml as apiVIP and ingressVIP are not in machine networks OCPBUGS-8941 - Introduce tooltips for contextual information OCPBUGS-904 - Alerts from MCO are missing namespace OCPBUGS-9079 - ICMP fragmentation needed sent to pods behind a service don't seem to reach the pods OCPBUGS-91 - [ExtDNS] New TXT record breaks downward compatibility by retroactively limiting record length OCPBUGS-9132 - WebSCale: ovn logical router polices incorrect/l3 gw config not updated after IP change OCPBUGS-9185 - Pod latency spikes are observed when there is a compaction/leadership transfer OCPBUGS-9233 - ConsoleQuickStart {{copy}} and {{execute}} features do not work in some cases OCPBUGS-931 - [osp][octavia lb] NodePort allocation cannot be disabled for LB type svcs OCPBUGS-9338 - editor toggle radio input doesn't have distinguishable attributes OCPBUGS-9389 - Detach code in vsphere csi driver is failing OCPBUGS-948 - OLM sets invalid SCC label on its namespaces OCPBUGS-95 - NMstate removes egressip in OpenShift cluster with SDN plugin OCPBUGS-9913 - bacport tests for PDBUnhealthyPodEvictionPolicy as Tech Preview OCPBUGS-9924 - Remove unsupported warning in oc-mirror when using the --skip-pruning flag OCPBUGS-9926 - Enable node healthz server for ovnk in CNO OCPBUGS-9951 - fails to reconcile to RT kernel on interrupted updates OCPBUGS-9957 - Garbage collect grafana-dashboard-etcd OCPBUGS-996 - Control Plane Machine Set Operator OnDelete update should cause an error when more than one machine is ready in an index OCPBUGS-9963 - Better to change the error information more clearly to help understand OCPBUGS-9968 - Operands 
running management side missing affinity, tolerations, node selector and priority rules than the operator

    1. References:

    https://access.redhat.com/security/cve/CVE-2021-4235 https://access.redhat.com/security/cve/CVE-2021-4238 https://access.redhat.com/security/cve/CVE-2021-20329 https://access.redhat.com/security/cve/CVE-2021-38561 https://access.redhat.com/security/cve/CVE-2021-43519 https://access.redhat.com/security/cve/CVE-2021-44964 https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1587 https://access.redhat.com/security/cve/CVE-2022-1785 https://access.redhat.com/security/cve/CVE-2022-1897 https://access.redhat.com/security/cve/CVE-2022-1927 https://access.redhat.com/security/cve/CVE-2022-2509 https://access.redhat.com/security/cve/CVE-2022-2990 https://access.redhat.com/security/cve/CVE-2022-3080 https://access.redhat.com/security/cve/CVE-2022-3259 https://access.redhat.com/security/cve/CVE-2022-4203 https://access.redhat.com/security/cve/CVE-2022-4304 https://access.redhat.com/security/cve/CVE-2022-4450 https://access.redhat.com/security/cve/CVE-2022-21698 https://access.redhat.com/security/cve/CVE-2022-23525 https://access.redhat.com/security/cve/CVE-2022-23526 https://access.redhat.com/security/cve/CVE-2022-26280 https://access.redhat.com/security/cve/CVE-2022-27191 https://access.redhat.com/security/cve/CVE-2022-29154 https://access.redhat.com/security/cve/CVE-2022-29824 https://access.redhat.com/security/cve/CVE-2022-34903 https://access.redhat.com/security/cve/CVE-2022-38023 https://access.redhat.com/security/cve/CVE-2022-38177 https://access.redhat.com/security/cve/CVE-2022-38178 https://access.redhat.com/security/cve/CVE-2022-40674 https://access.redhat.com/security/cve/CVE-2022-41316 https://access.redhat.com/security/cve/CVE-2022-41717 https://access.redhat.com/security/cve/CVE-2022-41721 https://access.redhat.com/security/cve/CVE-2022-41723 https://access.redhat.com/security/cve/CVE-2022-41724 https://access.redhat.com/security/cve/CVE-2022-41725 
https://access.redhat.com/security/cve/CVE-2022-42010 https://access.redhat.com/security/cve/CVE-2022-42011 https://access.redhat.com/security/cve/CVE-2022-42012 https://access.redhat.com/security/cve/CVE-2022-42898 https://access.redhat.com/security/cve/CVE-2022-42919 https://access.redhat.com/security/cve/CVE-2022-46146 https://access.redhat.com/security/cve/CVE-2022-47629 https://access.redhat.com/security/cve/CVE-2023-0056 https://access.redhat.com/security/cve/CVE-2023-0215 https://access.redhat.com/security/cve/CVE-2023-0216 https://access.redhat.com/security/cve/CVE-2023-0217 https://access.redhat.com/security/cve/CVE-2023-0229 https://access.redhat.com/security/cve/CVE-2023-0286 https://access.redhat.com/security/cve/CVE-2023-0361 https://access.redhat.com/security/cve/CVE-2023-0401 https://access.redhat.com/security/cve/CVE-2023-0620 https://access.redhat.com/security/cve/CVE-2023-0665 https://access.redhat.com/security/cve/CVE-2023-0778 https://access.redhat.com/security/cve/CVE-2023-25000 https://access.redhat.com/security/cve/CVE-2023-25165 https://access.redhat.com/security/cve/CVE-2023-25173 https://access.redhat.com/security/cve/CVE-2023-25577 https://access.redhat.com/security/cve/CVE-2023-25725 https://access.redhat.com/security/cve/CVE-2023-25809 https://access.redhat.com/security/cve/CVE-2023-27561 https://access.redhat.com/security/cve/CVE-2023-28642 https://access.redhat.com/security/cve/CVE-2023-30570 https://access.redhat.com/security/cve/CVE-2023-30841 https://access.redhat.com/security/updates/classification/#important https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBZGVrhNzjgjWX9erEAQjD7BAAihZ8nlrasEU8QISGjHMUkUXKPHgV6LlZ IT2h0MLam8ICSCDdZ8PUVXhWP+CTTIYYdpEPTaIdKdB16iecRXm2ML8GtQ38zSjC LpCB4NUmAdoH91FbT2oazgrCgg+2hizfufLYk/8nNm9yVR0zT5kZbuXMFZH/PbCb dYYyRsXsNt4+MpaWGf1q3jS7OX8l5UXbfO+nnKHWoow5/PeclygxFbRclr7o62Dy tnfgs+OwbroI6L0nohsUTk4Es1koyD8FaGdo28ViLcgVH1VDhBqzHXSAe1P+XmAc PSG6slSRIrgJpARfN8OEI89wfI+ttyqEi4yAdoKjCo/pbshhLw3JZQcavmQc8XEK o1afTtx0XFHJsAdZRjvq+7zExqnDANRLbtkkYG2gYuc8LgGmh6P0ZlhxQFMS3f/T cTLSLaP6XSnHQaJyc0kqULHcWBZRzepcIDPYkmTCbCVCwLjXuIoF6eMQvo7eRXCy 4qN3nT0+M90jWxf/uQzo9NpeWFB7y2cccHMvaPzZ8cAAxpwM3Rphutu9lzRfJCl8 TMincIMIFq3vLmrfxHX5YOKfgH/Kjc06TbtnzxtucFQVNFxyKIWKgJB/hl1mGDTJ 8cibppoX+mLmUirPuu+5JwaAmq7skX5HKX3r3t8sajmij17nS2Ff8q52ZLgdZQ6H XbiJN3SZj5U= =WGO2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:

    Red Hat Advanced Cluster Management for Kubernetes 2.7.3 images

    Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

    https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/release_notes/

    Security fix(es) * CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability * CVE-2022-3841 RHACM: unauthenticated SSRF in console API endpoint * CVE-2023-29017 vm2: Sandbox Escape * CVE-2023-29199 vm2: Sandbox Escape * CVE-2023-30547 vm2: Sandbox Escape when exception sanitization

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2139426 - CVE-2022-3841 RHACM: unauthenticated SSRF in console API endpoint 2165824 - CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability 2185374 - CVE-2023-29017 vm2: sandbox escape 2187409 - CVE-2023-29199 vm2: Sandbox Escape 2187608 - CVE-2023-30547 vm2: Sandbox Escape when exception sanitization

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux AppStream (v. 9) - noarch Red Hat Enterprise Linux CRB (v. 9) - aarch64, noarch, x86_64

    1. Description:

    EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.

    Security Fix(es):

    • openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)

    • edk2: integer underflow in SmmEntryPoint function leads to potential SMM privilege escalation (CVE-2021-38578)

    • openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)

    • openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450)

    • openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1960321 - CVE-2021-38578 edk2: integer underflow in SmmEntryPoint function leads to potential SMM privilege escalation 1983086 - Assertion failure when creating 1024 VCPU VM: [...]UefiCpuPkg/CpuMpPei/CpuBist.c(186): !EFI_ERROR (Status) 2125336 - Please add edk2-aarch64 and edk2-tools to CRB in RHEL 9 2132951 - edk2: Sort traditional virtualization builds before Confidential Computing builds 2157656 - [edk2] [aarch64] Unable to initialize EFI firmware when using edk2-aarch64-20221207gitfff6d81270b5-1.el9 in some hardwares 2162307 - Broken GRUB output on a serial console 2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName 2164487 - CVE-2022-4304 openssl: timing attack in RSA Decryption implementation 2164492 - CVE-2023-0215 openssl: use-after-free following BIO_new_NDEF 2164494 - CVE-2022-4450 openssl: double free after calling PEM_read_bio_ex 2168046 - [edk2] BIOS Release Date string is unexpected length 2174605 - [EDK2] disable dynamic mmio window

    1. Package List:

    Red Hat Enterprise Linux AppStream (v. 9):

    Source: edk2-20221207gitfff6d81270b5-9.el9_2.src.rpm

    noarch: edk2-aarch64-20221207gitfff6d81270b5-9.el9_2.noarch.rpm edk2-ovmf-20221207gitfff6d81270b5-9.el9_2.noarch.rpm

    Red Hat Enterprise Linux CRB (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. Summary:

    The Migration Toolkit for Containers (MTC) 1.7.9 is now available. Description:

    The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):

    2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly 2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption 2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics

    1. Description:

    Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It comprises the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Solution:

    Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.redhat.com/):

    JWS-2933 - Update openssl from JBCS to versions from 2.4.51-SP2

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2139896 - Requested TSC frequency outside tolerance range & TSC scaling not supported 2145146 - CDI operator is not creating PrometheusRule resource with alerts if CDI resource is incorrect 2148383 - Migration metrics values are not sum up values from all VMIs 2149409 - HPP mounter deployment can't mount as unprivileged 2168489 - Overview -> Migrations - The "Bandwidth consumption" Graph display with wrong values 2184435 - [cnv-4.12] virt-handler should not delete any pre-configured mediated devices if these are provided by an external provider 2222191 - [cnv-4.12] manually increasing the number of virt-api pods does not work


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202302-0195",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ucosminexus application server",
            "scope": null,
            "trust": 1.6,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "ucosminexus service platform",
            "scope": null,
            "trust": 1.6,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "ucosminexus primary server base",
            "scope": null,
            "trust": 1.6,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "openssl",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "3.0.0"
          },
          {
            "model": "network security",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "stormshield",
            "version": "4.3.16"
          },
          {
            "model": "network security",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "stormshield",
            "version": "4.0.0"
          },
          {
            "model": "openssl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.1.1t"
          },
          {
            "model": "openssl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "3.0.8"
          },
          {
            "model": "openssl",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.1.1"
          },
          {
            "model": "network security",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "stormshield",
            "version": "4.4.0"
          },
          {
            "model": "network security",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "stormshield",
            "version": "4.6.3"
          },
          {
            "model": "jp1/navigation platform for developers",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "jp1/it desktop management 2 - operations director",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "ucosminexus service architect",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "\u5f97\u9078\u8857\u30fbgcb",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          },
          {
            "model": "ucosminexus application server-r",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "iot \u5171\u901a\u57fa\u76e4",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          },
          {
            "model": "jp1/data highway - server",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "jp1/automatic job management system 3 - manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "jp1/it desktop management 2 - smart device manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "jp1/performance management",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "jp1/it desktop management 2 - manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "jp1/service support starter edition",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "jp1/automatic job management system 3 - definitions assistant",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "connexive application platform",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          },
          {
            "model": "jp1/service support",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "ucosminexus developer",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "vran",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          },
          {
            "model": "jp1/automatic operation",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "connexive pf",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          },
          {
            "model": "jp1/snmp system observer",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "esmpro/serveragent",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          },
          {
            "model": "openssl",
            "scope": null,
            "trust": 0.8,
            "vendor": "openssl",
            "version": null
          },
          {
            "model": "nec multimedia olap for \u6620\u50cf\u5206\u6790\u30b5\u30fc\u30d3\u30b9",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          },
          {
            "model": "ix \u30eb\u30fc\u30bf",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          },
          {
            "model": "jp1/base",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "neoface monitor",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          },
          {
            "model": "spoolserver/reportfiling",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          },
          {
            "model": "\u30d7\u30ed\u30b0\u30e9\u30df\u30f3\u30b0\u74b0\u5883 for java",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "jp1/navigation platform",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "cosminexus http server",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "nec enhanced speech analysis",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          },
          {
            "model": "jp1/file transmission server/ftp",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "jp1/operations analytics",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "\u990a\u6b96\u9b5a\u30b5\u30a4\u30ba\u6e2c\u5b9a\u81ea\u52d5\u5316\u30b5\u30fc\u30d3\u30b9",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          },
          {
            "model": "jp1/data highway - server starter edition",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "webotx application server",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003616"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-4450"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.0.8",
                    "versionStartIncluding": "3.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.1.1t",
                    "versionStartIncluding": "1.1.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.6.3",
                    "versionStartIncluding": "4.4.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.3.16",
                    "versionStartIncluding": "4.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-4450"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "173547"
          },
          {
            "db": "PACKETSTORM",
            "id": "172441"
          },
          {
            "db": "PACKETSTORM",
            "id": "171957"
          },
          {
            "db": "PACKETSTORM",
            "id": "172460"
          },
          {
            "db": "PACKETSTORM",
            "id": "172238"
          },
          {
            "db": "PACKETSTORM",
            "id": "172147"
          },
          {
            "db": "PACKETSTORM",
            "id": "172733"
          },
          {
            "db": "PACKETSTORM",
            "id": "174517"
          }
        ],
        "trust": 0.8
      },
      "cve": "CVE-2022-4450",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2022-4450",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2022-4450",
                "trust": 1.8,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003616"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-4450"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and\ndecodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data. \nIf the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are\npopulated with pointers to buffers containing the relevant decoded data. The\ncaller is responsible for freeing those buffers. It is possible to construct a\nPEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()\nwill return a failure code but will populate the header argument with a pointer\nto a buffer that has already been freed. If the caller also frees this buffer\nthen a double free will occur. This will most likely lead to a crash. This\ncould be exploited by an attacker who has the ability to supply malicious PEM\nfiles for parsing to achieve a denial of service attack. \n\nThe functions PEM_read_bio() and PEM_read() are simple wrappers around\nPEM_read_bio_ex() and therefore these functions are also directly affected. \n\nThese functions are also called indirectly by a number of other OpenSSL\nfunctions including PEM_X509_INFO_read_bio_ex() and\nSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal\nuses of these functions are not vulnerable because the caller does not free the\nheader argument if PEM_read_bio_ex() returns a failure code. These locations\ninclude the PEM_read_bio_TYPE() functions as well as the decoders introduced in\nOpenSSL 3.0. \n\nThe OpenSSL asn1parse command line application is also impacted by this issue. In OpenSSL, a PEM file with 0 bytes of payload data causes PEM_read_bio_ex() to return a failure code while leaving a pointer to an already freed buffer in the header argument, resulting in a double free vulnerability. An attacker who supplies a malicious PEM file may cause a denial of service (crash). 
Bugs fixed (https://bugzilla.redhat.com/):\n\n2212085 - CVE-2023-3089 openshift: OCP \u0026 FIPS mode\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: OpenShift Container Platform 4.13.0 security update\nAdvisory ID:       RHSA-2023:1326-01\nProduct:           Red Hat OpenShift Enterprise\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2023:1326\nIssue date:        2023-05-17\nCVE Names:         CVE-2021-4235 CVE-2021-4238 CVE-2021-20329 \n                   CVE-2021-38561 CVE-2021-43519 CVE-2021-44964 \n                   CVE-2022-1271 CVE-2022-1586 CVE-2022-1587 \n                   CVE-2022-1785 CVE-2022-1897 CVE-2022-1927 \n                   CVE-2022-2509 CVE-2022-2990 CVE-2022-3080 \n                   CVE-2022-3259 CVE-2022-4203 CVE-2022-4304 \n                   CVE-2022-4450 CVE-2022-21698 CVE-2022-23525 \n                   CVE-2022-23526 CVE-2022-26280 CVE-2022-27191 \n                   CVE-2022-29154 CVE-2022-29824 CVE-2022-34903 \n                   CVE-2022-38023 CVE-2022-38177 CVE-2022-38178 \n                   CVE-2022-40674 CVE-2022-41316 CVE-2022-41717 \n                   CVE-2022-41721 CVE-2022-41723 CVE-2022-41724 \n                   CVE-2022-41725 CVE-2022-42010 CVE-2022-42011 \n                   CVE-2022-42012 CVE-2022-42898 CVE-2022-42919 \n                   CVE-2022-46146 CVE-2022-47629 CVE-2023-0056 \n                   CVE-2023-0215 CVE-2023-0216 CVE-2023-0217 \n                   CVE-2023-0229 CVE-2023-0286 CVE-2023-0361 \n                   CVE-2023-0401 CVE-2023-0620 CVE-2023-0665 \n                   CVE-2023-0778 CVE-2023-25000 CVE-2023-25165 \n                   CVE-2023-25173 CVE-2023-25577 CVE-2023-25725 \n                   CVE-2023-25809 CVE-2023-27561 CVE-2023-28642 \n                   CVE-2023-30570 CVE-2023-30841 
\n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.13.0 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.13. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.13.0. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2023:1325\n\nSpace precludes documenting all of the container images in this advisory. 
\nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html\n\nSecurity Fix(es):\n\n* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as\nrandom as they should be (CVE-2021-4238)\n\n* go-yaml: Denial of Service in go-yaml (CVE-2021-4235)\n\n* mongo-go-driver: specific cstrings input may not be properly validated\n(CVE-2021-20329)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n(CVE-2021-38561)\n\n* prometheus/client_golang: Denial of service using\nInstrumentHandlerCounter (CVE-2022-21698)\n\n* helm: Denial of service through through repository index file\n(CVE-2022-23525)\n\n* helm: Denial of service through schema file (CVE-2022-23526)\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* vault: insufficient certificate revocation list checking (CVE-2022-41316)\n\n* golang: net/http: excessive memory growth in a Go server accepting HTTP/2\nrequests (CVE-2022-41717)\n\n* x/net/http2/h2c: request smuggling (CVE-2022-41721)\n\n* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK\ndecoding (CVE-2022-41723)\n\n* golang: crypto/tls: large handshake records may cause panics\n(CVE-2022-41724)\n\n* golang: net/http, mime/multipart: denial of service from excessive\nresource consumption (CVE-2022-41725)\n\n* exporter-toolkit: authentication bypass via cache poisoning\n(CVE-2022-46146)\n\n* vault: Vault\u2019s Microsoft SQL Database Storage Backend Vulnerable to SQL\nInjection Via Configuration File (CVE-2023-0620)\n\n* hashicorp/vault: Vault\u2019s PKI Issuer Endpoint Did Not Correctly Authorize\nAccess to Issuer Metadata (CVE-2023-0665)\n\n* hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations\n(CVE-2023-25000)\n\n* helm: getHostByName Function Information Disclosure (CVE-2023-25165)\n\n* containerd: 
Supplementary groups are not set up properly (CVE-2023-25173)\n\n* runc: volume mount race condition (regression of CVE-2019-19921)\n(CVE-2023-27561)\n\n* runc: AppArmor can be bypassed when `/proc` inside the container is\nsymlinked with a specific mount configuration (CVE-2023-28642)\n\n* baremetal-operator: plain-text username and hashed password readable by\nanyone having a cluster-wide read-access (CVE-2023-30841)\n\n* runc: Rootless runc makes `/sys/fs/cgroup` writable (CVE-2023-25809)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html\n\n3. Solution:\n\nFor OpenShift Container Platform 4.13 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. 
The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags\n\nThe sha values for the release are:\n\n(For x86_64 architecture)\nThe image digest is\nsha256:74b23ed4bbb593195a721373ed6693687a9b444c97065ce8ac653ba464375711\n\n(For s390x architecture)\nThe image digest is\nsha256:a32d509d960eb3e889a22c4673729f95170489789c85308794287e6e9248fb79\n\n(For ppc64le architecture)\nThe image digest is\nsha256:bca0e4a4ed28b799e860e302c4f6bb7e11598f7c136c56938db0bf9593fb76f8\n\n(For aarch64 architecture)\nThe image digest is\nsha256:e07e4075c07fca21a1aed9d7f9c165696b1d0fa4940a219a000894e5683d846c\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html\n\n4. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1770297 - console odo download link needs to go to an official location or have caveats [openshift-4.4]\n1853264 - Metrics produce high unbound cardinality\n1877261 - [RFE] Mounted volume size issue when restore a larger size pvc than snapshot\n1904573 - OpenShift: containers modify /etc/passwd group writable\n1943194 - when using gpus, more nodes than needed are created by the node autoscaler\n1948666 - After entering valid git repo url on Import from git page, throwing warning message instead Validated\n1971033 - CVE-2021-20329 mongo-go-driver: specific cstrings input may not be properly validated\n2005232 - Pods list page should only show Create Pod button to user has sufficient permission\n2016006 - Repositories list does not show the running pipelinerun as last pipelinerun\n2027000 - The user is ignored when we create a new file using a MachineConfig\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n2047299 - nodeport not reachable port connection timeout\n2050230 - Implement LIST call chunking in openshift-sdn\n2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server\n2065166 - GCP - Less privileged service accounts are created with Service Account User role\n2066388 - Wrong Error generates when https is missing in the value of `regionEndpoint`   in `configs.imageregistry.operator.openshift.io/cluster`\n2066664 - [cluster-storage-operator] - Minimize wildcard/privilege Usage in Cluster and Local Roles\n2070744 - openshift-install destroy in us-gov-west-1 results in infinite loop - AWS govcloud\n2075548 - Support AllocateLoadBalancerNodePorts=False with ETP=local, LGW mode\n2076619 - Could not create deployment with an unknown git repo and builder image build strategy\n2078222 - egressIPs behave inconsistently towards in-cluster traffic (hosts and services backed by host-networked pods)\n2079981 - PVs not deleting on azure (or very slow to 
delete) since CSI migration to azuredisk\n2081858 - OVN-Kubernetes: SyncServices for nodePortWatcherIptables should propagate failures back to caller\n2083087 - \"Delete dependent objects of this resource\" might cause confusions\n2084452 - PodDisruptionBudgets help message should be semantic\n2087043 - Cluster API components should use K8s 1.24 dependencies\n2087553 - No rhcos-4.11/x86_64 images in the 2 new regions on alibabacloud, \"ap-northeast-2 (South Korea (Seoul))\" and \"ap-southeast-7 (Thailand (Bangkok))\"\n2089093 - CVO hotloops on OperatorGroup due to the diff of \"upgradeStrategy\":  string(\"Default\")\n2089138 - CVO hotloops on ValidatingWebhookConfiguration /performance-addon-operator\n2090680 - upgrade for a disconnected cluster get hang on retrieving and verifying payload\n2092567 - Network policy is not being applied as expected\n2092811 - Datastore name is too long\n2093339 - [rebase v1.24]  Only known images used by tests\n2095719 - serviceaccounts are not updated after upgrade from 4.10 to 4.11\n2100181 - WebScale: configure-ovs.sh fails because it picks the wrong default interface\n2100429 - [apiserver-auth] default SCC restricted allow volumes don\u0027t have \"ephemeral\" caused deployment with Generic Ephemeral Volumes stuck at Pending\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2104978 - MCD degrades are not overwrite-able by subsequent errors\n2110565 - PDB: Remove add/edit/remove actions in Pod resource action menu\n2110570 - Topology sidebar: Edit pod count shows not the latest replicas value when edit the count again\n2110982 - On GCP, need to check load balancer health check IPs  required for restricted installation\n2113973 - operator scc is nor fixed when we define a custom scc with readOnlyRootFilesystem: true\n2114515 - Getting critical NodeFilesystemAlmostOutOfSpace alert for 4K tmpfs\n2115265 - Search page: LazyActionMenus are shown below Add/Remove from navigation 
button\n2116686 - [capi] Cluster kind should be valid\n2117374 - Improve Pod Admission failure for restricted-v2 denials that pass with restricted\n2135339 - CVE-2022-41316 vault: insufficient certificate revocation list checking\n2149436 - CVE-2022-46146 exporter-toolkit: authentication bypass via cache poisoning\n2154196 - CVE-2022-23526 helm: Denial of service through schema file\n2154202 - CVE-2022-23525 helm: Denial of service through through repository index file\n2156727 - CVE-2021-4235 go-yaml: Denial of Service in go-yaml\n2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be\n2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests\n2162182 - CVE-2022-41721 x/net/http2/h2c: request smuggling\n2168458 - CVE-2023-25165 helm: getHostByName Function Information Disclosure\n2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly\n2175721 - CVE-2023-27561 runc: volume mount race condition (regression of CVE-2019-19921)\n2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding\n2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption\n2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics\n2182883 - CVE-2023-28642 runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration\n2182884 - CVE-2023-25809 runc: Rootless runc makes `/sys/fs/cgroup` writable\n2182972 - CVE-2023-25000 hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations\n2182981 - CVE-2023-0665 hashicorp/vault: Vault?s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata\n2184663 - CVE-2023-0620 vault: Vault?s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File\n2190116 - CVE-2023-30841 baremetal-operator: 
plain-text username and hashed password readable by anyone having a cluster-wide read-access\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nOCPBUGS-10036 - Enable aesgcm encryption provider by default in openshift/api\nOCPBUGS-10038 - Enable aesgcm encryption provider by default in openshift/cluster-config-operator\nOCPBUGS-10042 - Enable aesgcm encryption provider by default in openshift/cluster-kube-apiserver-operator\nOCPBUGS-10043 - Enable aesgcm encryption provider by default in openshift/cluster-openshift-apiserver-operator\nOCPBUGS-10044 - Enable aesgcm encryption provider by default in openshift/cluster-authentication-operator\nOCPBUGS-10047 - oc-mirror  print log: unable to parse reference oci://mno/redhat-operator-index:v4.12\nOCPBUGS-10057 - With WPC card configured as GM or BC, phc2sys clock lock state is shown as FREERUN in ptp metrics while it should be LOCKED\nOCPBUGS-10213 - aws: mismatch between RHCOS and AWS SDK regions\nOCPBUGS-10220 - Newly provisioned machines unable to join cluster\nOCPBUGS-10221 - Risk cache warming takes too long on channel changes\nOCPBUGS-10237 - Limit the nested repository path while mirroring the images using oc-mirror for those who cant have nested paths in their container registry\nOCPBUGS-10239 - [release-4.13] Fix of ServiceAccounts gathering\nOCPBUGS-10249 - PollConsoleUpdates won\u0027t fire toast if one or more manifests errors when plugins change\nOCPBUGS-10267 - NetworkManager TUI quits regardless of a detected unsupported configuration\nOCPBUGS-10271 - [4.13] Netflink overflow alert\nOCPBUGS-10278 - Graph-data is not mounted on graph-builder correctly while install using graph-data image built by oc-mirror\nOCPBUGS-10281 - Openshift Ansible OVS version out of sync with RHCOS\nOCPBUGS-10291 - Broken link for Ansible tagging\nOCPBUGS-10298 - TenantID is ignored in some cases\nOCPBUGS-10320 - Catalogs should not be included in the ImageContentSourcePolicy.yaml\nOCPBUGS-10321 - command cannot be worked 
after chroot /host for oc debug pod\nOCPBUGS-1033 - Multiple extra manifests in the same file are not applied correctly\nOCPBUGS-10334 - Nutanix cloud-controller-manager pod not have permission to get/list ConfigMap\nOCPBUGS-10353 - kube-apiserver not receiving or processing shutdown signal after coreos 9.2 bump\nOCPBUGS-10367 - Pausing pools in OCP 4.13 will cause critical alerts to fire\nOCPBUGS-10377 - [gcp] IPI installation with Shielded VMs enabled failed on restarting the master machines\nOCPBUGS-10404 - Workload annotation missing from deployments\nOCPBUGS-10421 - RHCOS 4.13 live iso x84_64 contains restrictive policy.json\nOCPBUGS-10426 - node-topology is not exported due to kubelet.sock: connect: permission denied \nOCPBUGS-10427 - 4.1 born cluster fails to scale-up due to podman run missing `--authfile` flag\nOCPBUGS-10432 - CSI Inline Volume admission plugin does not log object name correctly\nOCPBUGS-10440 - OVN IPSec - does not create IPSec tunnels\nOCPBUGS-10474 - OpenShift pipeline TaskRun(s) column Duration is not present as column in UI\nOCPBUGS-10476 - Disable netlink mode of netclass collector in Node Exporter. 
\nOCPBUGS-1048 - if tag categories don\u0027t exist, the installation will fail to bootstrap\nOCPBUGS-10483 - [4.13 arm64 image][AWS EFS] Driver fails to get installed/exec format error\nOCPBUGS-10558 - MAPO failing to retrieve flavour information after rotating credentials\nOCPBUGS-10585 - [4.13] Request to update RHCOS installer bootimage metadata \nOCPBUGS-10586 - Console shows x509 error when requesting token from oauth endpoint\nOCPBUGS-10597 - The agent-tui shows again during the installation\nOCPBUGS-1061 - administrator console, monitoring-alertmanager-edit user list or create silence, \"Observe - Alerting - Silences\" page is pending\nOCPBUGS-10645 - 4.13: Operands running management side missing affinity, tolerations, node selector and priority rules than the operator\nOCPBUGS-10656 - create image command erroneously logs that Base ISO was obtained from release\nOCPBUGS-10657 - When releaseImage is a digest the create image command generates spurious warning\nOCPBUGS-10658 - Wrong PrimarySubnet in OpenstackProviderSpec when using Failure Domains\nOCPBUGS-10661 - machine API operator failing with No Major.Minor.Patch elements found\nOCPBUGS-10678 - Developer catalog shows ImageStreams as samples which has no sampleRepo\nOCPBUGS-10679 - Show type of sample on the samples view\nOCPBUGS-10689 - [IPI on BareMetal]: Workers failing inspection when installing with proxy\nOCPBUGS-10697 - [release-4.13] User is allowed to create IP Address pool with duplicate entries for namespace and matchExpression for serviceSelector and namespaceSelector\nOCPBUGS-10698 - [release-4.13] Already assigned IP address is removed from a service on editing the ip address pool. 
\nOCPBUGS-10710 - Metal virtual media job permafails during early bootstrap\nOCPBUGS-10716 - Image Registry default to Removed on IBM cloud after 4.13.0-ec.3\nOCPBUGS-10739 - [4.13] Bootimage bump tracker\nOCPBUGS-10744 - [4.13] EgressFirewall status disappeared \nOCPBUGS-10746 - Downstream Operator-SDK v1.22.2 to OCP 4.13\nOCPBUGS-10771 - upgrade test failure with \"Cluster operator control-plane-machine-set is not available\"\nOCPBUGS-10773 - TestNewAppRun unit test failing\nOCPBUGS-10792 - Hypershift namespace servicemonitor has wrong API group\nOCPBUGS-10793 - Ignore device list missing in Node Exporter \nOCPBUGS-10796 - [4.13] Egress firewall is not retried on error\nOCPBUGS-10799 - Network policy perf improvements\nOCPBUGS-10801 - [4.13] Upgrade to 4.10 stalled on timeout completing syncEgressFirewall\nOCPBUGS-10811 - Missing vCenter build number in telemetry\nOCPBUGS-10813 - SCOS bootstrap should skip pivot when root is not writable\nOCPBUGS-10826 - RHEL 9.2 doesn\u0027t contain the `kernel-abi-whitelists` package. \nOCPBUGS-10832 - Edit Deployment (and DC) form doesn\u0027t enable Save button when changing strategy type\nOCPBUGS-10833 - update the default pipelineRun template name\nOCPBUGS-10834 - [OVNK] [IC] Having only one leader election in the master process\nOCPBUGS-10873 - OVN to OVN-H migration seems broken\nOCPBUGS-10888 - oauth-server fails to invalidate cache, causing non existing groups being referenced\nOCPBUGS-10890 - Hypershift replace upgrade: node in NotReady after upgrading from a 4.14 image to another 4.14 image\nOCPBUGS-10891 - Cluster Autoscaler balancing similar nodes test fails randomly\nOCPBUGS-10892 - Passwords printed in log messages\nOCPBUGS-10893 - Remove unsupported warning in oc-mirror when using the --skip-pruning flag\nOCPBUGS-10902 - [IBMCloud] destroyed the private cluster, fail to cleanup the dns records\nOCPBUGS-10903 - [IBMCloud] fail to ssh to master/bootstrap/worker nodes from the bastion inside a customer vpc. 
\nOCPBUGS-10907 - move to rhel9 in DTK for 4.13\nOCPBUGS-10914 - Node healthz server: return unhealthy when pod is to be deleted\nOCPBUGS-10919 - Update Samples Operator to use latest jenkins 4.12 release\nOCPBUGS-10923 - Cluster bootstrap waits for only one master to join before finishing \nOCPBUGS-10929 - Kube 1.26 for ovn-k\nOCPBUGS-10946 - For IPv6-primary dual-stack cluster, kubelet.service renders only single node-ip\nOCPBUGS-10951 - When imagesetconfigure without OCI FBC format config, but command with use-oci-feature  flag, the oc-mirror command should check the imagesetconfigure firstly and print error immediately\nOCPBUGS-10953 - ovnkube-node does not close up correctly\nOCPBUGS-10955 - [release-4.13] NMstate complains about ping not working when adding multiple routing tables with different gateways\nOCPBUGS-10960 - [4.13] Vertical Scaling: do not trigger inadvertent machine deletion during bootstrap\nOCPBUGS-10965 - The network-tools image stream is missing in the cluster samples\nOCPBUGS-10982 - [4.13] nodeSelector in EgressFirewall doesn\u0027t work in dualstack cluster\nOCPBUGS-10989 - Agent create sub-command is returning fatal error\nOCPBUGS-10990 - EgressIP doesn\u0027t work in GCP XPN cluster\nOCPBUGS-11004 - Bootstrap kubelet client cert should include system:serviceaccounts group\nOCPBUGS-11010 - [vsphere] zone cluster installation fails if vSphere Cluster is embedded in Folder\nOCPBUGS-11022 - [4.13][scale] all egressfirewalls will be updated on every node update\nOCPBUGS-11023 - [4.13][scale] Ingress network policy creates more flows than before\nOCPBUGS-11031 - SNO OCP upgrade from 4.12 to 4.13 failed due to node-tuning operator is not available - tuned pod stuck at Terminating\nOCPBUGS-11032 - Update the validation interval for the cluster transfer to 12 hours\nOCPBUGS-11040 - --container-runtime is being removed in k8s 1.27\nOCPBUGS-11054 - GCP: add europe-west12 region to the survey as supported region\nOCPBUGS-11055 - APIServer service 
isn\u0027t selected correctly for PublicAndPrivate cluster when external-dns is not configured\nOCPBUGS-11058 - [4.13] Conmon leaks symbolic links in /var/run/crio when pods are deleted\nOCPBUGS-11068 - nodeip-configuration not enabled for VSphere UPI\nOCPBUGS-11107 - Alerts display incorrect source when adding external alert sources\nOCPBUGS-11117 - The provided gcc RPM inside DTK does not match the gcc used to build the kernel\nOCPBUGS-11120 - DTK docs should mention the ubi9 base image instead of ubi8\nOCPBUGS-11213 - BMH moves to deleting before all finalizers are processed\nOCPBUGS-11218 - \"pipelines-as-code-pipelinerun-go\" configMap is not been used for the Go repository \nOCPBUGS-11222 - kube-controller-manager cluster operator is degraded due connection refused while querying rules\nOCPBUGS-11227 - Relax CSR check due to k8s 1.27 changes\nOCPBUGS-11232 - All projects options shows as undefined after selection in Dev perspective Pipelines page \nOCPBUGS-11248 - Secret name variable get renders in Create Image pull secret alert\nOCPBUGS-1125 - Fix disaster recovery test [sig-etcd][Feature:DisasterRecovery][Disruptive] [Feature:EtcdRecovery] Cluster should restore itself after quorum loss [Serial]\nOCPBUGS-11257 - egressip cannot be assigned on hypershift hosted cluster node\nOCPBUGS-11261 - [AWS][4.13] installer get stuck if BYO private hosted zone is configured\nOCPBUGS-11263 - PTP KPI version 4.13 RC2 WPC - offset jumps to huge numbers \nOCPBUGS-11307 - Egress firewall node selector test missing\nOCPBUGS-11333 - startupProbe for UWM prometheus is still 15m\nOCPBUGS-11339 - ose-ansible-operator base image version is still 4.12 in the operators that generated by operator-sdk 4.13\nOCPBUGS-11340 - ose-helm-operator base image version is still 4.12 in the operators that generated by operator-sdk 4.13\nOCPBUGS-11341 - openshift-manila-csi-driver is missing the workload.openshift.io/allowed label\nOCPBUGS-11354 - CPMS: node readiness transitions not always 
trigger reconcile \nOCPBUGS-11384 - Switching from enabling realTime to disabling Realtime Workloadhint causes stalld to be enabled\nOCPBUGS-11390 - Service Binding Operator installation fails: \"A subscription for this operator already exists in namespace ...\"\nOCPBUGS-11424 - [release-4.13] new whereabouts reconciler relies on HOSTNAME which != spec.nodeName\nOCPBUGS-11427 - [release-4.13] whereabouts reads wrong annotation \"k8s.v1.cni.cncf.io/networks-status\", should be \"k8s.v1.cni.cncf.io/network-status\"\nOCPBUGS-11456 - PTP - When GM and downstream slaves are configured on same server, ptp metrics show slaves as FREERUN\nOCPBUGS-11458 - Ingress Takes 40s on Average Downtime During GCP OVN Upgrades\nOCPBUGS-11460 - CPMS doesn\u0027t always generate configurations for AWS\nOCPBUGS-11468 - Community operator cannot be mirrored due to malformed image address\nOCPBUGS-11469 - [release4.13] \"exclude bundles with `olm.deprecated` property when rendering\" not backport\nOCPBUGS-11473 - NS autolabeler requires RoleBinding subject namespace to be set when using ServiceAccount\nOCPBUGS-11485 - [4.13] NVMe disk by-id rename breaks LSO/ODF\nOCPBUGS-11503 - Update 4.13 cluster-network-operator image in Dockerfile to be consistent with ART\nOCPBUGS-11506 - CPMS e2e periodics tests timeout failures\nOCPBUGS-11507 - Potential 4.12 to 4.13 upgrade failure due to NIC rename\nOCPBUGS-11510 - Setting cpu-quota.crio.io to `disable` with crun causes container creation to fail\nOCPBUGS-11511 - [4.13] static container pod cannot be running due to CNI request failed with status 400\nOCPBUGS-11529 - [Azure] fail to collect the vm serial log with ?gather bootstrap?\nOCPBUGS-11536 - Cluster monitoring operator runs node-exporter with btrfs collector\nOCPBUGS-11545 - multus-admission-controller should not run as root under Hypershift-managed CNO\nOCPBUGS-11558 - multus-admission-controller should not run as root under Hypershift-managed CNO\nOCPBUGS-11589 - Ensure systemd is 
compatible with rhel8 journalctl\nOCPBUGS-11598 - openshift-azure-routes triggered continously on rhel9\nOCPBUGS-11606 - User configured In-cluster proxy configuration squashed in hypershift\nOCPBUGS-11643 - Updating kube-rbac-proxy images to be consistent with ART\nOCPBUGS-11657 - [4.13] Static IPv6 LACP bonding is randomly failing in RHCOS 413.92\nOCPBUGS-11659 - Error extracting libnmstate.so.1.3.3 when create image\nOCPBUGS-11661 - AWS s3 policy changes block all OCP installs on AWS\nOCPBUGS-11669 - Bump to kubernetes 1.26.3\nOCPBUGS-11683 - [4.13] Add Controller health to CEO liveness probe\nOCPBUGS-11694 - [4.13] Update legacy toolbox to use registry.redhat.io/rhel9/support-tools\nOCPBUGS-11706 - ccoctl cannot create STS documents in 4.10-4.13 due to s3 policy changes\nOCPBUGS-11750 - TuningCNI cnf-test failure: sysctl allowlist update\nOCPBUGS-11765 - [4.13] Keep current OpenSSH default config in RHCOS 9\nOCPBUGS-11776 - [4.13] VSphereStorageDriver does not document the platform default\nOCPBUGS-11778 - Upgrade SNO: no resolv.conf caused by failure in forcedns dispatcher script\nOCPBUGS-11787 - Update 4.14 ose-vmware-vsphere-csi-driver image to be consistent with ART\nOCPBUGS-11789 - [4.13] Bootimage bump tracker\nOCPBUGS-11799 - [4.13] Bootimage bump tracker\nOCPBUGS-11823 - [Reliability]kube-apiserver\u0027s memory usage keep increasing to max 3GB in 7 days\nOCPBUGS-11848 - PtpOperatorsConfig not applying correctly\nOCPBUGS-11866 - Pipeline is not removed when Deployment/DC/Knative Service or Application is deleted\nOCPBUGS-11870 - [4.13] Nodes in Ironic are created without namespaces initially\nOCPBUGS-11876 - oc-mirror generated file-based catalogs crashloop\nOCPBUGS-11908 - Got the `file exists` error when different digest direct to the same tag\nOCPBUGS-11917 - the warn message won\u0027t disappear in co/node-tuning when scale down machineset\nOCPBUGS-11919 - Console metrics could have a high cardinality (4.13)\nOCPBUGS-11950 - fail to create vSphere 
IPI cluster as apiVIP and ingressVIP are not in machine networks\nOCPBUGS-11955 - NTP config not applied\nOCPBUGS-11968 - Instance shouldn\u0027t be moved back from f to a\nOCPBUGS-11985 - [4.13] Ironic inspector service should be proxied\nOCPBUGS-12172 - Users don\u0027t know what type of resource is being created by Import from Git or Deploy Image flows\nOCPBUGS-12179 - agent-tui is failing to start when using libnmstate.2\nOCPBUGS-12186 - Pipeline doesn\u0027t render correctly when displayed but looks fine in edit mode\nOCPBUGS-12198 - create hosted cluster failed with aws s3 access issue\nOCPBUGS-12212 - cluster failed to convert from dualstack to ipv4 single stack\nOCPBUGS-12225 - Add new OCP 4.13 storage admission plugin\nOCPBUGS-12257 - Catalogs rebuilt by oc-mirror are in crashloop : cache is invalid\nOCPBUGS-12259 - oc-mirror fails to complete with heads only complaining about devworkspace-operator\nOCPBUGS-12271 - Hypershift conformance test fails new cpu partitioning tests\nOCPBUGS-12272 - Importing a kn Service shows a non-working Open URL decorator also when the Add Route checkbox was unselected\nOCPBUGS-12273 - When Creating Sample Devfile from the Samples Page, Topology Icon is not set\nOCPBUGS-12450 - [4.13] Fix Flake TestAttemptToScaleDown/scale_down_only_by_one_machine_at_a_time\nOCPBUGS-12465 - --use-oci-feature leads to confusion and needs to be better named\nOCPBUGS-12478 - CSI driver + operator containers are not pinned to mgmt cores\nOCPBUGS-1264 - e2e-vsphere-zones failing due to unable to parse cloud-config\nOCPBUGS-12698 - redfish-virtualmedia mount not working \nOCPBUGS-12703 - redfish-virtualmedia mount not working \nOCPBUGS-12708 - [4.13] Changing a PreprovisioningImage ImageURL and/or ExtraKernelParams should reboot the host\nOCPBUGS-1272 - \"opm alpha render-veneer basic\" doesn\u0027t support pipe stdin\nOCPBUGS-12737 - Multus admission controller must have \"hypershift.openshift.io/release-image\" annotation when CNO is managed by 
Hypershift\nOCPBUGS-12786 - OLM CatalogSources in guest cluster cannot pull images if pre-GA\nOCPBUGS-12804 - Dual stack VIPs incompatible with EnableUnicast setting\nOCPBUGS-12854 - `cluster-reader` role cannot access \"k8s.ovn.org\" API Group resources\nOCPBUGS-12862 - IPv6 ingress VIP not configured in keepalived on vSphere Dual-stack\nOCPBUGS-12865 - Kubernetes-NMState CI is perma-failing\nOCPBUGS-12933 - Node Tuning Operator crashloops when in Hypershift mode\nOCPBUGS-12994 - TCP DNS Local Preference is not working for Openshift SDN\nOCPBUGS-12999 - Backport owners through 4.13, 4.12\nOCPBUGS-13029 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13\nOCPBUGS-13057 - ppc64le releases don\u0027t install because ovs fails to start (invalid permissions)\nOCPBUGS-13069 - [whereabouts-cni] CNO must use reconciliation controller in order to support dual stack in 4.12 [4.13 dependency]\nOCPBUGS-13071 - CI fails on TestClientTLS\nOCPBUGS-13072 - Capture tests don\u0027t work in OVNK\nOCPBUGS-13076 - Load balancers/ Ingress controller removal race condition\nOCPBUGS-13157 - CI fails on TestRouterCompressionOperation\nOCPBUGS-13254 - Nutanix cloud provider should use Kubernetes 1.26 dependencies\nOCPBUGS-1327 - [IBMCloud] Worker machines unreachable during initial bring up\nOCPBUGS-1352 - OVN silently failing in case of a stuck pod\nOCPBUGS-1427 - Ignore non-ready endpoints when processing endpointslices\nOCPBUGS-1428 - service account token secret reference\nOCPBUGS-1435 - [Ingress Node Firewall Operator] [Web Console] Allow user to override namespace where the operator is installed, currently user can install it only in openshift-operators ns\nOCPBUGS-1443 - Unable to get ClusterVersion error while upgrading 4.11 to 4.12\nOCPBUGS-1453 - TargetDown alert expression is NOT correctly joining kube-state-metrics metric\nOCPBUGS-1458 - cvo pod crashloop during bootstrap: featuregates: connection refused\nOCPBUGS-1486 - Avoid re-metric\u0027ing the pods 
that are already setup when ovnkube-master disrupts/reinitializes/restarts/goes through leader election\nOCPBUGS-1557 - Default to floating automaticRestart for new GCP instances\nOCPBUGS-1560 - [vsphere] installation fails when only configure single zone in install-config\nOCPBUGS-1565 - Possible split brain with keepalived unicast\nOCPBUGS-1566 - Automation Offline CPUs Test cases\nOCPBUGS-1577 - Incorrect network configuration in worker node with two interfaces\nOCPBUGS-1604 - Common resources out-of-date when using multicluster switcher\nOCPBUGS-1606 - Multi-cluster: We should not filter OLM catalog by console pod architecture and OS on managed clusters \nOCPBUGS-1612 - [vsphere] installation errors out when missing topology in a failure domain\nOCPBUGS-1617 - Remove unused node.kubernetes.io/not-reachable toleration\nOCPBUGS-1627 - [vsphere] installation fails when setting user-defined folder in failure domain\nOCPBUGS-1646 - [osp][octavia lb] LBs type svcs not updated until all the LBs are created\nOCPBUGS-166 - 4.11 SNOs fail to complete install because of \"failed to get pod annotation: timed out waiting for annotations: context deadline exceeded\"\nOCPBUGS-1665 - Scorecard failed because of the request of PodSecurity\nOCPBUGS-1671 - Creating a statefulset with the example image from the UI on ARM64 leads to a Pod in crashloopbackoff due to the only-amd64 image provided\nOCPBUGS-1704 - [gcp] when the optional Service Usage API is disabled, IPI installation cannot succeed\nOCPBUGS-1725 - Affinity rule created in router deployment for single-replica infrastructure and \"NodePortService\" endpoint publishing strategy\nOCPBUGS-1741 - Can\u0027t load additional Alertmanager templates with latest 4.12 OpenShift\nOCPBUGS-1748 - PipelineRun templates must be fetched from OpenShift namespace\nOCPBUGS-1761 - osImages that cannot be pulled do not set the node as Degraded properly\nOCPBUGS-1769 - gracefully fail when iam:GetRole is denied\nOCPBUGS-1778 - Can\u0027t 
install clusters with schedulable masters\nOCPBUGS-1791 - Wait-for install-complete  did not exit upon completion. \nOCPBUGS-1805 - [vsphere-csi-driver-operator] CSI cloud.conf doesn\u0027t list multiple datacenters when specified \nOCPBUGS-1807 - Ingress Operator startup bad log message formatting\nOCPBUGS-1844 - Ironic dnsmasq doesn\u0027t include existing DNS settings during iPXE boot\nOCPBUGS-1852 - [RHOCP 4.10] Subscription tab for operator doesn\u0027t land on correct URL\nOCPBUGS-186 - PipelineRun task status overlaps status text\nOCPBUGS-1998 - Cluster monitoring fails to achieve new level during upgrade w/ unavailable node\nOCPBUGS-2015 - TestCertRotationTimeUpgradeable failing consistently in kube-apiserver-operator\nOCPBUGS-2083 - OCP 4.10.33 uses a weak 3DES cipher in the VMWare CSI Operator for communication and provides no method to disable it\nOCPBUGS-2088 - User can set rendezvous host to be a worker\nOCPBUGS-2141 - doc link in PrometheusDataPersistenceNotConfigured message is 4.8\nOCPBUGS-2145 - \u0027maxUnavailable\u0027 and \u0027minAvailable\u0027 on PDB creation page - i18n misses\nOCPBUGS-2209 - Hard eviction thresholds is different with k8s default when PAO is enabled\nOCPBUGS-2248 - [alibabacloud] IPI installation failed with master nodes being NotReady and CCM error \"alicloud: unable to split instanceid and region from providerID\"\nOCPBUGS-2260 - KubePodNotReady - Increase Tolerance During Master Node Restarts\nOCPBUGS-2306 - On Make Serverless page, to change values of the inputs minpod, maxpod and concurrency fields, we need to click the ? + ? or ? - \u0027, it can\u0027t be changed by typing in it. 
\nOCPBUGS-2319 - metal-ipi upgrade success rate dropped 30+% in last week\nOCPBUGS-2384 - [2035720] [IPI on Alibabacloud] deploying a private cluster by \u0027publish: Internal\u0027 failed due to \u0027dns_public_record\u0027\nOCPBUGS-2440 - unknown field logs in prometheus-operator\nOCPBUGS-2471 - BareMetalHost is available without cleaning if the cleaning attempt fails\nOCPBUGS-2479 - Right border radius is 0 for the pipeline visualization wrapper in dark mode\nOCPBUGS-2500 - Developer Topology always blanks with large contents when first rendering\nOCPBUGS-2513 - Disconnected cluster installation fails with pull secret must contain auth for \"registry.ci.openshift.org\" \nOCPBUGS-2525 - [CI Watcher] Ongoing timeout failures associated with multiple CRD-extensions tests\nOCPBUGS-2532 - Upgrades from 4.11.9 to latest 4.12.x Nightly builds do not succeed\nOCPBUGS-2551 - \"Error loading\" when normal user check operands on All namespaces\nOCPBUGS-2569 - ovn-k network policy races\nOCPBUGS-2579 - Helm Charts and Samples are not disabled in topology actions if actions are disabled in customization\nOCPBUGS-266 - Project Access tab cannot differentiate between users and groups\nOCPBUGS-2666 - `create a project` link not backed by RBAC check\nOCPBUGS-272 - Getting duplicate word \"find\" when kube-apiserver degraded=true if webhook matches a virtual resource\nOCPBUGS-2727 - ClusterVersionRecommendedUpdate condition blocks explicitly allowed upgrade which is not in the available updates\nOCPBUGS-2729 - should ignore enP.* NICs from node-exporter on Azure cluster\nOCPBUGS-2735 - Operand List Page Layout Incorrect on small screen size. 
\nOCPBUGS-2738 - CVE-2022-26945 CVE-2022-30321 CVE-2022-30322 CVE-2022-30323 ose-baremetal-installer-container: various flaws [openshift-4.13.z]\nOCPBUGS-2824 - The dropdown list component will be covered by deployment details page on Topology page\nOCPBUGS-2827 - OVNK: NAT issue for packets exceeding check_pkt_larger() for NodePort services that route to hostNetworked pods\nOCPBUGS-2841 - Need validation rule for supported arch\nOCPBUGS-2845 - Unable to use application credentials for Cinder CSI after OpenStack credentials update\nOCPBUGS-2847 - GCP XPN should only be available with Tech Preview\nOCPBUGS-2851 - [OCI feature] registries.conf support in oc mirror\nOCPBUGS-2852 - etcd failure: failed to make etcd client for endpoints [https://[2620:52:0:1eb:367x:5axx:xxx:xxx]:2379]: context deadline exceeded \nOCPBUGS-2868 - Container networking pods cannot be access hosted network pods on another node in ipv6 single stack cluster\nOCPBUGS-2873 - Prometheus doesn\u0027t reload TLS certificate and key files on disk\nOCPBUGS-2886 - The LoadBalaner section shouldn\u0027t be set when using Kuryr on cloud-provider\nOCPBUGS-2891 - AWS Deprovision Fails with unrecognized elastic load balancing resource type listener \nOCPBUGS-2895 - [RFE] 4.11 Azure DiskEncryptionSet static validation does not support upper-case letters\nOCPBUGS-2904 - If all the actions are disabled in add page, Details on/off toggle switch to be disabled\nOCPBUGS-2907 - provisioning of baremetal nodes fails when using multipath device as rootDeviceHints\nOCPBUGS-2921 - br-ex interface not configured makes ovnkube-node Pod to crashloop \nOCPBUGS-2922 - \u0027Status\u0027 column sorting doesn\u0027t work as expected\nOCPBUGS-2926 - Unable to gather OpenStack console logs since kernel cmd line has no console args\nOCPBUGS-2934 - Ingress node firewall pod \u0027s events container on the node causing pod in CrashLoopBackOff state when sctp module is loaded on node\nOCPBUGS-2941 - CIRO unable to detect swift 
when content-type is omitted in 204-responses\nOCPBUGS-2946 - [AWS] curl network Loadbalancer always get \"Connection time out\"\nOCPBUGS-2948 - Whereabouts CNI timesout while iterating exclude range\nOCPBUGS-2988 - apiserver pods cannot reach etcd on single node IPv6 cluster: transport: authentication handshake failed: x509: certificate is valid for ::1, 127.0.0.1, ::1, fd69::2, not 2620:52:0:198::10\"\nOCPBUGS-2991 - CI jobs are failing with: admission webhook \"validation.csi.vsphere.vmware.com\" denied the request\nOCPBUGS-2992 - metal3 pod crashloops on OKD in BareMetal IPI or assisted-installer bare metal installations\nOCPBUGS-2994 - Keepalived monitor stuck for long period of time on kube-api call while installing\nOCPBUGS-2996 - [4.13] Bootimage bump tracker\nOCPBUGS-3018 - panic in WaitForBootstrapComplete\nOCPBUGS-3021 - GCP: missing me-west1 region\nOCPBUGS-3024 - Service list shows undefined:80 when type is ExternalName or LoadBalancer\nOCPBUGS-3027 - Metrics are not available when running console in development mode\nOCPBUGS-3029 - BareMetalHost CR fails to delete on cluster cleanup\nOCPBUGS-3033 - Clicking the logo in the masthead goes to `/dashboards`, even if metrics are disabled\nOCPBUGS-3041 - Guard Pod Hostnames Too Long and Truncated Down Into Collisions With Other Masters\nOCPBUGS-3069 - Should show information on page if the upgrade to a target version doesn\u0027t take effect. 
\nOCPBUGS-3072 - Operator-sdk run bundle with old  sqllite index image failed \nOCPBUGS-3079 - RPS hook only sets the first queue, but there are now many\nOCPBUGS-3085 - [IPI-BareMetal]: Dual stack deployment failed on BootStrap stage  \nOCPBUGS-3093 - The control plane should tag AWS security groups at creation\nOCPBUGS-3096 - The terraform binaries shipped by the installer are not statically linked\nOCPBUGS-3109 - Change text colour for ConsoleNotification that notifies user that the cluster is being \nOCPBUGS-3114 - CNO reporting incorrect status\nOCPBUGS-3123 - Operator attempts to render both GA and Tech Preview API Extensions\nOCPBUGS-3127 - nodeip-configuration retries forever on network failure, blocking ovs-configuration, spamming syslog\nOCPBUGS-3168 - Add Capacity button does not exist after upgrade OCP version [OCP4.11-\u003eOCP4.12]\nOCPBUGS-3172 - Console shouldn\u0027t try to install dynamic plugins if permissions aren\u0027t available\nOCPBUGS-3180 - Regression in ptp-operator conformance tests\nOCPBUGS-3186 - [ibmcloud] unclear error msg when zones is not match with the Subnets in BYON install\nOCPBUGS-3192 - [4.8][OVN] RHEL 7.9 DHCP worker ovs-configuration fails \nOCPBUGS-3195 - Service-ca controller exits immediately with an error on sigterm\nOCPBUGS-3206 - [sdn2ovn] Migration failed in vsphere cluster\nOCPBUGS-3207 - SCOS build fails due to pinned kernel\nOCPBUGS-3214 - Installer does not always add router CA to kubeconfig\nOCPBUGS-3228 - Broken secret created while starting a Pipeline\nOCPBUGS-3235 - Topology gets stuck loading\nOCPBUGS-3245 - ovn-kubernetes ovnkube-master containers crashlooping after 4.11.0-0.okd-2022-10-15-073651 update\nOCPBUGS-3248 - CVE-2022-27191 ose-installer-container: golang: crash in a golang.org/x/crypto/ssh server [openshift-4]\nOCPBUGS-3253 - No warning when using wait-for vs. 
agent wait-for commands\nOCPBUGS-3272 - Unhealthy Readiness probe failed message failing CI when ovnkube DBs are still coming up\nOCPBUGS-3275 - No-op: Unable to retrieve machine from node \"xxx\": expecting one machine for node xxx got: []\nOCPBUGS-3277 - Install failure in create-cluster-and-infraenv.service\nOCPBUGS-3278 - Shouldn\u0027t need to put host data in platform baremetal section in installconfig\nOCPBUGS-3280 - Install ends in preparing-failed due to container-images-available validation\nOCPBUGS-3283 - remove unnecessary RBAC in KCM\nOCPBUGS-3292 - DaemonSet \"/openshift-network-diagnostics/network-check-target\" is not available\nOCPBUGS-3314 - \u0027gitlab.secretReference\u0027 disappears when the buildconfig is edited on ?From View?\nOCPBUGS-3316 - Branch name should sanitised to match actual github branch name in repository plr list\nOCPBUGS-3320 - New master will be created if add duplicated failuredomains in controlplanemachineset\nOCPBUGS-3331 - Update dependencies in CMO release 4.13\nOCPBUGS-3334 - Console should be using v1 apiVersion for ConsolePlugin model\nOCPBUGS-3337 - revert \"force cert rotation every couple days for development\" in 4.12\nOCPBUGS-3338 - Environment cannot find Python\nOCPBUGS-3358 - Revert BUILD-407\nOCPBUGS-3372 - error message is too generic when creating a silence with end time before start\nOCPBUGS-3373 - cluster-monitoring-view user can not list servicemonitors on \"Observe -\u003e Targets\" page\nOCPBUGS-3377 - CephCluster and StorageCluster resources use the same paths\nOCPBUGS-3381 - Make ovnkube-trace work on hypershift deployments\nOCPBUGS-3382 - Unable to configure cluster-wide proxy\nOCPBUGS-3391 - seccomp profile unshare.json missing from nodes\nOCPBUGS-3395 - Event Source is visible without even creating knative-eventing and knative-serving. 
\nOCPBUGS-3404 - IngressController.spec.nodePlacement.nodeSelector.matchExpressions does not work\nOCPBUGS-3414 - Missing \u0027ImageContentSourcePolicy\u0027 and \u0027CatalogSource\u0027 in the oci fbc feature implementation\nOCPBUGS-3424 - Azure Disk CSI Driver Operator gets degraded without \"CSISnapshot\" capability\nOCPBUGS-3426 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13\nOCPBUGS-3427 - Skip broken [sig-devex][Feature:ImageEcosystem] tests\nOCPBUGS-3438 - cloud-network-config-controller not using proxy settings of the management cluster\nOCPBUGS-3440 - Authentication operator doesn\u0027t respond to console being enabled\nOCPBUGS-3441 - Update cluster-authentication-operator not to go degraded without console\nOCPBUGS-3444 - [4.13] Descheduler pod is OOM killed when using descheduler-operator profiles on big clusters\nOCPBUGS-3456 - track `rhcos-4.12` branch for fedora-coreos-config submodule\nOCPBUGS-3458 - Surface ClusterVersion RetrievedUpdates condition messages\nOCPBUGS-3465 - IBM operator needs deployment manifest fixes\nOCPBUGS-3473 - Allow listing crio and kernel versions in machine-os components\nOCPBUGS-3476 - Show Tag label and tag name if tag is detected in repository PipelineRun list and details page\nOCPBUGS-3480 - Baremetal Provisioning fails on HP Gen9 systems due to eTag handling\nOCPBUGS-3499 - Route CRD validation behavior must be the same as openshift-apiserver behavior\nOCPBUGS-3501 - Route CRD host-assignment behavior must be the same as openshift-apiserver behavior\nOCPBUGS-3502 - CRD-based and openshift-apiserver-based Route validation/defaulting must use the shared implementation\nOCPBUGS-3508 - masters repeatedly losing connection to API and going NotReady\nOCPBUGS-3524 - The storage account for the CoreOS image is publicly accessible when deploying fully private cluster on Azure\nOCPBUGS-3526 - oc fails to extract layers that set xattr on Darwin\nOCPBUGS-3539 - [OVN-provider]loadBalancer svc with 
monitors not working\nOCPBUGS-3612 - [IPI] Baremetal ovs-configure.sh script fails to start secondary bridge br-ex1\nOCPBUGS-3621 - EUS upgrade stuck on worker pool update: error running skopeo inspect --no-tags\nOCPBUGS-3648 - Container security operator Image Manifest Vulnerabilities encounters runtime errors under some circumstances\nOCPBUGS-3659 - Expose AzureDisk metrics port over HTTPS\nOCPBUGS-3662 - don\u0027t enforce PSa in 4.12\nOCPBUGS-3667 - PTP 4.12 Regression - CLOCK REALTIME status is locked when physical interface is down\nOCPBUGS-3668 - 4.12.0-rc.0 fails to deploy on VMware IPI\nOCPBUGS-3676 - After node\u0027s reboot some pods fail to start - deleteLogicalPort failed for pod cannot delete GR SNAT for pod\nOCPBUGS-3693 - Router e2e: drop template.openshift.io apigroup dependency\nOCPBUGS-3709 - Special characters in subject name breaks prefilling role binding form\nOCPBUGS-3713 - [vsphere-problem-detector] fully qualified username must be used when checking permissions\nOCPBUGS-3714 - \u0027oc adm upgrade ...\u0027 should expose ClusterVersion Failing=True\nOCPBUGS-3739 - Pod stuck in containerCreating state when the node on which it is running is Terminated\nOCPBUGS-3744 - Egress router POD creation is failing while using openshift-sdn network plugin\nOCPBUGS-3755 - Create Alertmanager silence form does not explain the new \"Negative matcher\" option\nOCPBUGS-3761 - Consistent e2e test failure:Events.Events: event view displays created pod\nOCPBUGS-3765 - [RFE] Add kernel-rpm-macros to DTK image\nOCPBUGS-3771 - contrib/multicluster-environment.sh needs to be updated to work with ACM cluster proxy\nOCPBUGS-3776 - Manage columns tooltip remains displayed after dialog is closed\nOCPBUGS-3777 - [Dual Stack] ovn-ipsec crashlooping due to cert signing issues\nOCPBUGS-3797 - [4.13] Bump OVS control plane to get \"ovsdb/transaction.c: Refactor assess_weak_refs.\"\nOCPBUGS-3822 - Cluster-admin cannot know whether operator is fully deleted or not after 
normal user trigger \"Delete CSV\"\nOCPBUGS-3827 - CCM not able to remove a LB in ERROR state\nOCPBUGS-3877 - RouteTargetReference missing default for \"weight\" in Route CRD v1 schema\nOCPBUGS-3880 - [Ingress Node Firewall] Change the logo used for ingress node firewall operator\nOCPBUGS-3883 - Hosted ovnkubernetes pods are not being spread among workers evenly\nOCPBUGS-3896 - Console nav toggle button reports expanded in both expanded and not expanded states\nOCPBUGS-3904 - Delete/Add a failureDomain in CPMS to trigger update cannot work right on GCP\nOCPBUGS-3909 - Node is degraded when a machine config deploys a unit with content and mask=true\nOCPBUGS-3916 - expr for SDNPodNotReady is wrong due to there is not node label for kube_pod_status_ready\nOCPBUGS-3919 - Azure: unable to configure EgressIP if an ASG is set\nOCPBUGS-3921 - Openshift-install bootstrap operation cannot find a cloud defined in clouds.yaml in the current directory\nOCPBUGS-3923 - [CI] cluster-monitoring-operator produces more watch requests than expected\nOCPBUGS-3924 - Remove autoscaling/v2beta2 in 4.12 and later\nOCPBUGS-3929 - Use flowcontrol/v1beta2 for apf manifests in 4.13\nOCPBUGS-3931 - When all extensions are installed,  \"libkadm5\" rpm package is duplicated in the `rpm -q` command\nOCPBUGS-3933 - Fails to deprovision cluster when swift omits \u0027content-type\u0027\nOCPBUGS-3945 - Handle 0600 kubeconfig\nOCPBUGS-3951 - Dynamic plugin extensions disappear from the UI when a codeRef fails to load\nOCPBUGS-3960 - Use kernel-rt from ose repo\nOCPBUGS-3965 - must-gather namespace should have ?privileged? warn and audit pod security labels besides enforce\nOCPBUGS-3973 - [SNO] csi-snapshot-controller CO is degraded when upgrade from 4.12 to 4.13 and reports permissions issue. 
\nOCPBUGS-3974 - CIRO panics when suspended flag is nil\nOCPBUGS-3975 - \"Failed to open directory, disabling udev device properties\" in node-exporter logs\nOCPBUGS-3978 - AWS EBS CSI driver operator is degraded without \"CSISnapshot\" capability\nOCPBUGS-3985 - Allow PSa enforcement in 4.13 by using featuresets\nOCPBUGS-3987 - Some nmstate validations are skipped when NM config is in agent-config.yaml\nOCPBUGS-3990 - HyperShift control plane operators have wrong priorityClass\nOCPBUGS-3993 - egressIP annotation including two interfaces when multiple networks\nOCPBUGS-4000 - fix operator naming convention \nOCPBUGS-4008 - Console deployment does not roll out when managed cluster configmap is updated\nOCPBUGS-4012 - Disabled Serverless add actions should not be displayed in topology menu\nOCPBUGS-4026 - Endless rerender loop and a stuck browser on the add and topology page when SBO is installed\nOCPBUGS-4047 - [CI-Watcher] e2e test flake: Create key/value secrets Validate a key/value secret\nOCPBUGS-4049 - MCO reconcile fails if user replace the pull secret to empty one\nOCPBUGS-4052 - [ALBO] OpenShift Load Balancer Operator does not properly support cluster wide proxy\nOCPBUGS-4054 - cluster-ingress-operator\u0027s configurable-route controller\u0027s startup is noisy\nOCPBUGS-4089 - Kube-State-metrics pod fails to start due to panic\nOCPBUGS-4090 - OCP on OSP - Image registry is deployed with cinder instead of swift storage backend \nOCPBUGS-4101 - Empty/missing node-sizing SYSTEM_RESERVED_ES parameter can result in kubelet not starting\nOCPBUGS-4110 - Form footer buttons are misaligned in web terminal form\nOCPBUGS-4119 - Random SYN drops in OVS bridges of OVN-Kubernetes\nOCPBUGS-4166 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13\nOCPBUGS-4168 - Prometheus continuously restarts due to slow WAL replay\nOCPBUGS-4173 - vsphere-problem-detector should re-check passwords after change\nOCPBUGS-4181 - Prometheus and Alertmanager incorrect 
ExternalURL configured\nOCPBUGS-4184 - Use mTLS authentication for all monitoring components instead of bearer token\nOCPBUGS-4203 - Unnecessary padding around alert atop debug pod terminal\nOCPBUGS-4206 - getContainerStateValue contains incorrectly internationalized text\nOCPBUGS-4207 - Remove debug level logging on openshift-config-operator\nOCPBUGS-4219 - Add runbook link to PrometheusRuleFailures\nOCPBUGS-4225 - [4.13] boot sequence override request fails with Base.1.8.PropertyNotWritable on Lenovo SE450\nOCPBUGS-4232 - CNCC: Wrong log format for Azure locking\nOCPBUGS-4245 - L2 does not work if a metallb is not able to listen to arp requests on a single interface\nOCPBUGS-4252 - Node Terminal tab results in error\nOCPBUGS-4253 - Add PodNetworkConnectivityCheck for must-gather\nOCPBUGS-4266 - crio.service should use a more safe restart policy to provide recoverability against concurrency issues\nOCPBUGS-4279 - Custom Victory-Core components in monitoring ui code causing build issues \nOCPBUGS-4280 - Return 0 when `oc import-image` failed\nOCPBUGS-4282 - [IR-269]Can\u0027t pull sub-manifest image using imagestream of manifest list\nOCPBUGS-4291 - [OVN]Sometimes after reboot egress node, egress IP cannot be applied anymore. 
\nOCPBUGS-4293 - Specify resources.requests for operator pod\nOCPBUGS-4298 - Specify resources.requests for operator pod\nOCPBUGS-4302 - Specify resources.requests for operator pod\nOCPBUGS-4305 - [4.13] Improve ironic logging configuration in metal3\nOCPBUGS-4317 - [IBM][4.13][Snapshot] restore size in snapshot is not the same size of pvc request size \nOCPBUGS-4328 - Update installer images to be consistent with ART\nOCPBUGS-434 - After FIPS enabled in S390X, ingress controller in degraded state\nOCPBUGS-4343 - Use flowcontrol/v1beta3 for apf manifests in 4.13\nOCPBUGS-4347 - set TLS cipher suites in Kube RBAC sidecars\nOCPBUGS-4350 - CNO in HyperShift reports upgrade complete in clusteroperator prematurely\nOCPBUGS-4352 - [RHOCP] HPA shows different API versions in web console\nOCPBUGS-4357 - Bump samples operator k8s dep to 1.25.2\nOCPBUGS-4359 - cluster-dns-operator corrupts /etc/hosts when fs full\nOCPBUGS-4367 - Debug log messages missing from output and Info messages malformed\nOCPBUGS-4377 - Service name search ability while creating the Route from console\nOCPBUGS-4401 - limit cluster-policy-controller RBAC permissions\nOCPBUGS-4411 - ovnkube node pod crashed after converting to a dual-stack cluster network\nOCPBUGS-4417 - ip-reconciler removes the overlappingrangeipreservations whether the pod is alive or not\nOCPBUGS-4425 - Egress FW ACL rules are invalid in dualstack mode\nOCPBUGS-4447 - [MetalLB Operator] The CSV needs an update to reflect the correct version of operator\nOCPBUGS-446 - Cannot Add a project from DevConsole in airgap mode using git importing\nOCPBUGS-4483 - apply retry logic to ovnk-node controllers\nOCPBUGS-4490 - hypershift: csi-snapshot-controller uses wrong kubeconfig\nOCPBUGS-4491 - hypershift: aws-ebs-csi-driver-operator uses wrong kubeconfig\nOCPBUGS-4492 - [4.13] The property TransferProtocolType is required for VirtualMedia.InsertMedia\nOCPBUGS-4502 - [4.13] [OVNK] Add support for service session affinity timeout\nOCPBUGS-4516 
- `oc-mirror` does not work as expected relative path for OCI format copy \nOCPBUGS-4517 - Better to detail the --command-os of mac for `oc adm release extract` command\nOCPBUGS-4521 - all kubelet targets are down after a few hours\nOCPBUGS-4524 - Hold lock when deleting completed pod during update event\nOCPBUGS-4525 - Don\u0027t log in iterateRetryResources when there are no retry entries\nOCPBUGS-4535 - There is no 4.13 gcp-filestore-csi-driver-operator version for test\nOCPBUGS-4536 - Image registry panics while deploying OCP in eu-south-2 AWS region\nOCPBUGS-4537 - Image registry panics while deploying OCP in eu-central-2 AWS region\nOCPBUGS-4538 - Image registry panics while deploying OCP in ap-south-2 AWS region\nOCPBUGS-4541 - Azure: remove deprecated ADAL\nOCPBUGS-4546 - CVE-2021-38561 ose-installer-container: golang: out-of-bounds read in golang.org/x/text/language leads to DoS [openshift-4]\nOCPBUGS-4549 - Azure: replace deprecated AD Graph API\nOCPBUGS-4550 - [CI] console-operator produces more watch requests than expected\nOCPBUGS-4571 - The operator recommended namespace is incorrect after change installation mode to \"A specific namespace on the cluster\"\nOCPBUGS-4574 - Machine stuck in no phase when creating in a nonexistent zone and stuck in Deleting when deleting on GCP\nOCPBUGS-463 - OVN-Kubernetes should not send IPs with leading zeros to OVN\nOCPBUGS-4630 - Bump documentationBaseURL to 4.13\nOCPBUGS-4635 - [OCP 4.13] ironic container images have old packages\nOCPBUGS-4638 - Support RHOBS monitoring for HyperShift in CNO\nOCPBUGS-4652 - Fixes for RHCOS 9 based on RHEL 9.0\nOCPBUGS-4654 - Azure: UPI: Fix storage arm template to work with Galleries and MAO\nOCPBUGS-4659 - Network Policy executes duplicate transactions for every pod update\nOCPBUGS-4684 - In DeploymentConfig both the Form view and Yaml view are not in sync\nOCPBUGS-4689 - SNO not able to bring up Provisioning resource in 4.11.17\nOCPBUGS-4691 - Topology sidebar actions 
doesn\u0027t show the latest resource data\nOCPBUGS-4692 - PTP operator: Use priority class node critical\nOCPBUGS-4700 - read-only update UX: confusing \"Update blocked\" pop-up\nOCPBUGS-4701 - read-only update UX: confusing \"Control plane is hosted\" banner\nOCPBUGS-4703 - Router can migrate to use LivenessProbe.TerminationGracePeriodSeconds\nOCPBUGS-4712 - ironic-proxy daemonset not deleted when provisioningNetwork is changed from Disabled to Managed/Unmanaged\nOCPBUGS-4724 - [4.13] egressIP annotations not present on OpenShift on Openstack multiAZ installation\nOCPBUGS-4725 - mapi_machinehealthcheck_short_circuit not properly reconciling causing MachineHealthCheckUnterminatedShortCircuit alert to fire\nOCPBUGS-4746 - Removal of detection of host kubelet kubeconfig breaks IBM Cloud ROKS\nOCPBUGS-4756 - OLM generates invalid component selector labels\nOCPBUGS-4757 - Revert Catalog PSA decisions for 4.13 (OLM)\nOCPBUGS-4758 - Revert Catalog PSA decisions for 4.13 (Marketplace)\nOCPBUGS-4769 - Old AWS boot images vs. 
4.12: unknown provider \u0027ec2\u0027\nOCPBUGS-4780 - Update openshift/builder release-4.13 to go1.19\nOCPBUGS-4781 - Get Helm Release seems to be using List Releases api\nOCPBUGS-4793 - CMO may generate Kubernetes events with a wrong object reference\nOCPBUGS-4802 - Update formatting with gofmt for go1.19\nOCPBUGS-4825 - Pods completed + deleted may leak\nOCPBUGS-4827 - Ingress Controller is missing a required AWS resource permission for SC2S region us-isob-east-1\nOCPBUGS-4873 - openshift-marketplace namespace missing \"audit-version\" and \"warn-version\" PSA label\nOCPBUGS-4874 - Baremetal host data is still sometimes required\nOCPBUGS-4883 - Default Git type to other info alert should get remove after changing the git type\nOCPBUGS-4894 - Disabled Serverless add actions should not be displayed for Knative Service\nOCPBUGS-4899 - coreos-installer output not available in the logs\nOCPBUGS-4900 - Volume limits test broken on AWS and GCP TechPreview clusters\nOCPBUGS-4906 - Cross-namespace template processing is not being tested\nOCPBUGS-4909 - Can\u0027t reach own service when egress netpol are enabled\nOCPBUGS-4913 - Need to wait longer for VM to obtain IP from DHCP\nOCPBUGS-4941 - Fails to deprovision cluster when swift omits \u0027content-type\u0027 and there are empty containers\nOCPBUGS-4950 - OLM K8s Dependencies should be at 1.25\nOCPBUGS-4954 - [IBMCloud] COS Reclamation prevents ResourceGroup cleanup\nOCPBUGS-4955 - Bundle Unpacker Using \"Always\" ImagePullPolicy for digests\nOCPBUGS-4969 - ROSA Machinepool EgressIP Labels Not Discovered\nOCPBUGS-4975 - Missing translation in ceph storage plugin\nOCPBUGS-4986 - precondition: Do not claim warnings would have blocked\nOCPBUGS-4997 - Agent ISO does not respect proxy settings\nOCPBUGS-5001 - MachineConfigControllerPausedPoolKubeletCA should have a working runbook URI\nOCPBUGS-501 - oc get dc fails when AllRequestBodies audit-profile is set in apiserver\nOCPBUGS-5010 - Should always delete the must-gather 
pod when run the must-gather\nOCPBUGS-5016 - Editing Pipeline in the ocp console to get information error\nOCPBUGS-5018 - Upgrade from 4.11 to  4.12 with Windows machine workers (Spot Instances) failing due to: hcnCreateEndpoint failed in Win32: The object already exists. \nOCPBUGS-5036 - Cloud Controller Managers do not react to changes in configuration leading to assorted errors\nOCPBUGS-5045 - unit test data race with egress ip tests\nOCPBUGS-5068 - [4.13] virtual media provisioning fails when iLO Ironic driver is used\nOCPBUGS-5073 - Connection reset by peer issue with SSL OAuth Proxy when route objects are created more than 80. \nOCPBUGS-5079 - [CI Watcher] pull-ci-openshift-console-master-e2e-gcp-console jobs: Process did not finish before 4h0m0s timeout\nOCPBUGS-5085 - Should only show the selected catalog when after apply  the ICSP and catalogsource\nOCPBUGS-5101 - [GCP] [capi] Deletion of cluster  is happening  , it shouldn\u0027t be allowed\nOCPBUGS-5116 - machine.openshift.io API is not supported in Machine API webhooks\nOCPBUGS-512 - Permission denied when write data to mounted gcp filestore volume instance\nOCPBUGS-5124 - kubernetes-nmstate does not pass CVP tests in 4.12\nOCPBUGS-5136 - provisioning on ilo4-virtualmedia BMC driver fails with error: \"Creating vfat image failed: Unexpected error while running command\"\nOCPBUGS-5140 - [alibabacloud] IPI install got bootstrap failure and without any node ready, due to enforced EIP bandwidth 5 Mbit/s\nOCPBUGS-5151 - Installer - provisioning interface on master node not getting ipv4 dhcp ip address from bootstrap dhcp server on OCP IPI BareMetal install\nOCPBUGS-5164 - Add support for API version v1beta1 for knativeServing and knativeEventing\nOCPBUGS-5165 - Dev Sandbox clusters uses clusterType OSD and there is no way to enforce DEVSANDBOX\nOCPBUGS-5182 - [azure] Fail to create master node with vm size in family ECIADSv5 and ECIASv5\nOCPBUGS-5184 - [azure] Fail to create master node with vm size in 
standardNVSv4Family\nOCPBUGS-5188 - Wrong message in MCCDrainError alert\nOCPBUGS-5234 - [azure] Azure Stack Hub (wwt) UPI installation failed to scale up worker nodes using machinesets \nOCPBUGS-5235 - mapi_instance_create_failed metric cannot work when set acceleratedNetworking: true on Azure\nOCPBUGS-5269 - remove unnecessary RBAC in KCM: file removal\nOCPBUGS-5275 - remove unnecessary RBAC in OCM\nOCPBUGS-5287 - Bug with Red Hat Integration - 3scale - Managed Application Services causes operator-install-single-namespace.spec.ts to fail\nOCPBUGS-5292 - Multus: Interface name contains an invalid character / [ocp 4.13]\nOCPBUGS-5300 - WriteRequestBodies audit profile records routes/status events at RequestResponse level\nOCPBUGS-5306 - One old machine stuck in Deleting and many co get degraded when doing master replacement on the cluster with OVN network\nOCPBUGS-5346 - Reported vSphere Connection status is misleading\nOCPBUGS-5347 - Clusteroperator Available condition is updated every 2 mins when operator is disabled\nOCPBUGS-5353 - Dashboard graph should not be stacked - Kubernetes / Compute Resources / Pod Dashboard\nOCPBUGS-5410 - [AWS-EBS-CSI-Driver] provision volume using customer kms key couldn\u0027t restore its snapshot successfully\nOCPBUGS-5423 - openshift-marketplace pods cause PodSecurityViolation alert to fire\nOCPBUGS-5428 - Many plugin SDK extension docs are missing descriptions\nOCPBUGS-5432 - Downstream Operator-SDK v1.25.1 to OCP 4.13\nOCPBUGS-5458 - wal: max entry size limit exceeded\nOCPBUGS-5465 - Context Deadline exceeded when PTP service is disabled from the switch\nOCPBUGS-5466 - Default CatalogSource aren\u0027t always reverted to default settings\nOCPBUGS-5492 - CI \"[Feature:bond] should create a pod with bond interface\" fail for MTU migration jobs\nOCPBUGS-5497 - MCDRebootError alarm disappears after 15 minutes\nOCPBUGS-5498 - Host inventory quick start for OCP\nOCPBUGS-5505 - Upgradeability check is throttled too much and with 
unnecessary non-determinism\nOCPBUGS-5508 - Report topology usage in vSphere environment via telemetry\nOCPBUGS-5517 - [Azure/ARO] Update Azure SDK to v63.1.0+incompatible \nOCPBUGS-5520 - MCDPivotError alert fires due temporary transient failures \nOCPBUGS-5523 - Catalog, fatal error: concurrent map read and map write\nOCPBUGS-5524 - Disable vsphere intree tests that exercise multiple tests\nOCPBUGS-5534 -  [UI] When OCP and ODF are upgraded, refresh web console pop-up doesn\u0027t appear after ODF upgrade resulting in dashboard crash\nOCPBUGS-5540 - Typo in WTO for Milliseconds\nOCPBUGS-5542 - Project dropdown order is not as smart as project list page order\nOCPBUGS-5546 - Machine API Provider Azure should not modify the Machine spec\nOCPBUGS-5547 - Webhook Secret (1 of 2) is not removed when Knative Service is deleted\nOCPBUGS-5559 - add default noProxy config for Azure\nOCPBUGS-5733 - [Openshift Pipelines] Description of parameters are not shown in pipelinerun description page\nOCPBUGS-5734 - Azure: VIP 168.63.129.16 should be noProxy to all clouds except Public\nOCPBUGS-5736 - The main section of the page will keep loading after normal user login\nOCPBUGS-5759 - Deletion of BYOH Windows node hangs in Ready,SchedulingDisabled\nOCPBUGS-5802 - update sprig to v3 in cno\nOCPBUGS-5836 - Incorrect redirection when user try to download windows oc binary\nOCPBUGS-5842 - executes /host/usr/bin/oc\nOCPBUGS-5851 - [CI-Watcher]: Using OLM descriptor components deletes operand \nOCPBUGS-5873 - etcd_object_counts is deprecated and replaced with apiserver_storage_objects, causing \"etcd Object Count\" dashboard to only show OpenShift resources\nOCPBUGS-5888 - Failed to install 4.13 ocp on SNO with \"error during syncRequiredMachineConfigPools\"\nOCPBUGS-5891 - oc-mirror heads-only does not work with target name\nOCPBUGS-5903 - gather default ingress controller definition\nOCPBUGS-5922 - [2047299 Jira placeholder] nodeport not reachable port connection timeout\nOCPBUGS-5939 
- revert \"force cert rotation every couple days for development\" in 4.13\nOCPBUGS-5948 - Runtime error using API Explorer with AdmissionReview resource\nOCPBUGS-5949 - oc --icsp mapping scope does not match openshift icsp mapping scope\nOCPBUGS-5959 - [4.13] Bootimage bump tracker\nOCPBUGS-5988 - Degraded etcd on assisted-installer installation- bootstrap etcd is not removed properly\nOCPBUGS-5991 - Kube APIServer panics in admission controller\nOCPBUGS-5997 - Add Git Repository form shows empty permission content and non-working help link until a git url is entered\nOCPBUGS-6004 - apiserver pods cannot reach etcd on single node IPv6 cluster: transport: authentication handshake failed: x509: certificate is valid for ::1, 127.0.0.1, ::1, fd69::2, not 2620:52:0:198::10\"\nOCPBUGS-6011 - openshift-client package has wrong version of kubectl bundled\nOCPBUGS-6018 - The MCO can generate a rendered config with old KubeletConfig contents, blocking upgrades\nOCPBUGS-6026 - cannot change /etc folder ownership inside pod\nOCPBUGS-6033 - metallb 4.12.0-202301042354 (OCP 4.12)  refers to external image\nOCPBUGS-6049 - Do not show UpdateInProgress when status is Failing\nOCPBUGS-6053 - `availableUpdates: null` results in run-time error on Cluster Settings page\nOCPBUGS-6055 - thanos-ruler-user-workload-1 pod is getting repeatedly re-created after upgrade do 4.10.41\nOCPBUGS-6063 - PVs(vmdk) get deleted when scaling down machineSet with vSphere IPI\nOCPBUGS-6089 - Unnecessary event reprocessing\nOCPBUGS-6092 - ovs-configuration.service fails - Error: Connection activation failed: No suitable device found for this connection\nOCPBUGS-6097 - CVO hotloops on ImageStream and logs the information incorrectly\nOCPBUGS-6098 - Show Git icon and URL in repository link in PLR details page should be based on the git provider\nOCPBUGS-6101 - Daemonset is not upgraded after operator upgrade\nOCPBUGS-6175 - Image registry Operator does not use Proxy when connecting to 
openstack\nOCPBUGS-6185 - Update 4.13 ose-cluster-config-operator image to be consistent with ART\nOCPBUGS-6187 - Update 4.13 openshift-state-metrics image to be consistent with ART\nOCPBUGS-6189 - Update 4.13 ose-cluster-authentication-operator image to be consistent with ART\nOCPBUGS-6191 - Update 4.13 ose-network-metrics-daemon image to be consistent with ART\nOCPBUGS-6197 - Update 4.13 ose-openshift-apiserver image to be consistent with ART\nOCPBUGS-6201 - Update 4.13 openshift-enterprise-pod image to be consistent with ART\nOCPBUGS-6202 - Update 4.13 ose-cluster-kube-apiserver-operator image to be consistent with ART\nOCPBUGS-6213 - Update 4.13 ose-machine-config-operator image to be consistent with ART\nOCPBUGS-6222 - Update 4.13 ose-alibaba-cloud-csi-driver image to be consistent with ART\nOCPBUGS-6228 - Update 4.13 coredns image to be consistent with ART\nOCPBUGS-6231 - Update 4.13 ose-kube-storage-version-migrator image to be consistent with ART\nOCPBUGS-6232 - Update 4.13 marketplace-operator image to be consistent with ART\nOCPBUGS-6233 - Update 4.13 ose-cluster-openshift-apiserver-operator image to be consistent with ART\nOCPBUGS-6234 - Update 4.13 ose-cluster-bootstrap image to be consistent with ART\nOCPBUGS-6235 - Update 4.13 cluster-network-operator image to be consistent with ART\nOCPBUGS-6238 - Update 4.13 oauth-server image to be consistent with ART\nOCPBUGS-6240 - Update 4.13 ose-cluster-kube-storage-version-migrator-operator image to be consistent with ART\nOCPBUGS-6241 - Update 4.13 operator-lifecycle-manager image to be consistent with ART\nOCPBUGS-6247 - Update 4.13 ose-cluster-ingress-operator image to be consistent with ART\nOCPBUGS-6262 - Add more logs to \"oc extract\" in mco-first boot service \nOCPBUGS-6265 - When installing SNO with bootstrap in place it takes CVO 6 minutes to acquire the leader lease \nOCPBUGS-6270 - Irrelevant vsphere platform data is required\nOCPBUGS-6272 - E2E tests: Entire pipeline flow from Builder page Start 
the pipeline with workspace\nOCPBUGS-631 - machineconfig service is failed to start because Podman storage gets corrupted\nOCPBUGS-6486 - Image upload fails when installing cluster\nOCPBUGS-6503 - admin ack test nondeterministically does a check post-upgrade\nOCPBUGS-6504 - IPI Baremetal Master Node in DualStack getting fd69:: address randomly,  OVN CrashLoopBackOff\nOCPBUGS-6507 - Don\u0027t retry network policy peer pods if ips couldn\u0027t be fetched\nOCPBUGS-6577 - Node-exporter NodeFilesystemAlmostOutOfSpace alert exception needed\nOCPBUGS-6610 - Developer - Topology : \u0027Filter by resource\u0027 drop-down i18n misses\nOCPBUGS-6621 - Image registry panics while deploying OCP in ap-southeast-4 AWS region\nOCPBUGS-6624 - Issue deploying the master node with IPI\nOCPBUGS-6634 - Let the console able to build on other architectures and compatible with prow builds\nOCPBUGS-6646 - Ingress node firewall CI is broken with latest\nOCPBUGS-6647 - User Preferences - Applications : Resource type drop-down i18n misses\nOCPBUGS-6651 - Nodes unready in PublicAndPrivate / Private Hypershift setups behind a proxy\nOCPBUGS-6660 - Uninstall Operator? 
modal instructions always reference optional checkbox\nOCPBUGS-6663 - Platform baremetal warnings during create image when fields not defined\nOCPBUGS-6682 - [OVN] ovs-configuration vSphere vmxnet3 allmulti workaround is now permanent\nOCPBUGS-6698 - Fix conflict error message in cluster-ingress-operator\u0027s ensureNodePortService\nOCPBUGS-6700 - Cluster-ingress-operator\u0027s updateIngressClass function logs success message when error\nOCPBUGS-6701 - The ingress-operator spuriously updates ingressClass on startup\nOCPBUGS-6714 - Traffic from egress IPs was interrupted after Cluster patch to Openshift 4.10.46\nOCPBUGS-672 - Redhat-operators are failing regularly due to startup probe timing out which in turn increases CPU/Mem usage on Master nodes\nOCPBUGS-6722 - s390x: failed to generate asset \"Image\": multiple \"disk\" artifacts found\nOCPBUGS-6730 - Pod latency spikes are observed when there is a compaction/leadership transfer\nOCPBUGS-6731 - Gathered Environment variables (HTTP_PROXY/HTTPS_PROXY) may contain sensible information and should be obfuscated\nOCPBUGS-6741 - opm fails to serve FBC if cachedir not provided\nOCPBUGS-6757 - Pipeline Repository (Pipeline-as-Code) list page shows an empty Event type column\nOCPBUGS-6760 - Couldn\u0027t update/delete cpms on gcp private cluster\nOCPBUGS-6762 - Enhance the user experience for the name-filter-input on Metrics target page\nOCPBUGS-6765 - \"Delete dependent objects of this resource\" might cause confusions\nOCPBUGS-6777 - [gcp][CORS-1988] \"create manifests\" without an existing \"install-config.yaml\" missing 4 YAML files in \"\u003cinstall dir\u003e/openshift\" which leads to \"create cluster\" failure\nOCPBUGS-6781 - gather Machine objects\nOCPBUGS-6797 - Empty IBMCOS storage config causes operator to crashloop\nOCPBUGS-6799 - Repositories list does not show the running pipelinerun as last pipelinerun\nOCPBUGS-6809 - Uploading large layers fails with \"blob upload invalid\"\nOCPBUGS-6811 - Update 
Cluster Sample Operator dependencies and libraries for OCP 4.13\nOCPBUGS-6821 - Update NTO images to be consistent with ART\nOCPBUGS-6832 - Include openshift_apps_deploymentconfigs_strategy_total to recent_metrics\nOCPBUGS-6893 - Dev console doesn\u0027t finish loading for users with limited access\nOCPBUGS-6902 - 4.13-e2e-metal-ipi-upgrade-ovn-ipv6 on permafail\nOCPBUGS-6917 - MultinetworkPolicy: unknown service runtime.v1alpha2.RuntimeService\nOCPBUGS-6925 - Update OWNERS_ALIASES in release-4.13 branch\nOCPBUGS-6945 - OS Release reports incorrect version ID\nOCPBUGS-6953 - ovnkube-master panic nil deref\nOCPBUGS-6955 -  panic in an ovnkube-master  pod\nOCPBUGS-6962 - \u0027agent_installer\u0027 invoker not showing up in telemetry\nOCPBUGS-6977 - pod-identity-webhook replicas=2 is failing single node jobs\nOCPBUGS-6978 - Index violation on IGMP_Group during upgrade from 4.12.0 to 4.12.1\nOCPBUGS-6994 - All Clusters perspective is not activated automatically when ACM is installed\nOCPBUGS-702 - The caBundle field of alertmanagerconfigs.monitoring.coreos.com crd is getting removed\nOCPBUGS-7031 - Pipelines repository list and creation form doesn\u0027t show Tech Preview status\nOCPBUGS-7090 - Add to navigation button in search result does nothing\nOCPBUGS-7102 - OLM downstream utest fails due to new release-XX+1 branch creation\nOCPBUGS-7106 - network-tools needs to be updated to give ovn-k master leader info\nOCPBUGS-7118 - OCP 4.12 does not support launching SGX enclaves\nOCPBUGS-7144 - On mobile screens, At pipeline details page the info alert on metrics tab is not showing correctly\nOCPBUGS-7149 - IPv6 multinode spoke no moving from rebooting/configuring stage\nOCPBUGS-7173 - [OVN] DHCP timeouts on Azure arm64, install fails\nOCPBUGS-7180 - [4.13] Bootimage bump tracker\nOCPBUGS-7186 - [gcp][CORS-2424] with \"secureBoot\" enabled, after deleting control-plane machine, the new machine is created with \"enableSecureBoot\" being False unexpectedly\nOCPBUGS-7195 - 
[CI-Watcher] e2e issue with tests: Create Samples Page Timeout Error\nOCPBUGS-7199 - [CI-Watcher] e2e issue with tests: Interacting with CatalogSource page\nOCPBUGS-7204 - Manifests generated to multiple \"results-xxx\" folders when using the oci feature with OCI and nonOCI catalogs \nOCPBUGS-7207 - MTU migration configuration is cleaned up prematurely while in progress\nOCPBUGS-723 - ClusterResourceQuota values are not reflecting. \nOCPBUGS-7268 - [4.13] Modify the PSa pod extractor to mutate pod controller pod specs\nOCPBUGS-7284 - Hypershift failing new SCC conformance tests\nOCPBUGS-7291 - ptp keeps trying to start phc2sys even if it\u0027s configured as empty string in phc2sysOpts\nOCPBUGS-7293 - RHCOS 9.2 Failing to Bootstrap on Metal, OpenStack, vSphere (all baremetal runtime platforms)\nOCPBUGS-7300 - aws-ebs-csi-driver-operator crash loops with HC proxy configured\nOCPBUGS-7301 - Not possible to use certain start addresses in whereabouts IPv6 range [Backport 4.13]\nOCPBUGS-7308 - Download kubeconfig for ServiceAccount returns error\nOCPBUGS-7354 - Installation failed on Azure SDN as network is degraded \nOCPBUGS-7356 - Default channel on OCP 4.13 should be stable-4.13\nOCPBUGS-7359 - [Azure] Replace master failed as new master did not add into lb backend \nOCPBUGS-736 - Kuryr uses default MTU for service network\nOCPBUGS-7366 - [gcp] New machine stuck in Provisioning when delete one zone from cpms on gcp with customer vpc\nOCPBUGS-7372 - fail early on missing node status envs\nOCPBUGS-7374 - set default timeouts in etcdcli\nOCPBUGS-7391 - Monitoring operator long delay reconciling extension-apiserver-authentication\nOCPBUGS-7399 - In the Edit application mode, the name of the added pipeline is not displayed anymore\nOCPBUGS-7408 - AzureDisk CSI driver does not compile with cachito\nOCPBUGS-7412 - gomod dependencies failures in 4.13-4.14 container builds\nOCPBUGS-7417 - gomod dependencies failures in 4.13-4.14 container builds\nOCPBUGS-7418 - Default values 
for Scaling fields is not set in Create Serverless function form\nOCPBUGS-7419 - CVO delay when setting clusterversion available status to true  \nOCPBUGS-7421 - Missing i18n key for PAC section in Git import form\nOCPBUGS-7424 - Bump cluster-ingress-operator to k8s APIs v0.26.1\nOCPBUGS-7427 - dynamic-demo-plugin.spec.ts requires 10 minutes of unnecessary wait time\nOCPBUGS-7438 - Egress service does not handle invalid nodeSelectors correctly\nOCPBUGS-7482 - Fix handling of single failure-domain (non-tagged) deployments in vsphere\nOCPBUGS-7483 - Hypershift installs on \"platform: none\" are broken\nOCPBUGS-7488 - test flake: should not reconcile SC when state is Unmanaged\nOCPBUGS-7495 - Platform type is ignored\nOCPBUGS-7517 - Helm page crashes on old releases with a new Secret\nOCPBUGS-7519 - NFS Storage Tests trigger Kernel Panic on Azure and Metal\nOCPBUGS-7523 - Add new AWS regions for ROSA\nOCPBUGS-7542 - Bump router to k8s APIs v0.26.1\nOCPBUGS-7555 - Enable default sysctls for kubelet\nOCPBUGS-7558 - Rebase coredns to 1.10.1\nOCPBUGS-7563 - vSphere install can\u0027t complete with out-of-tree CCM\nOCPBUGS-7579 - [azure] failed to parse client certificate when using certificate-based Service Principal with passpharse\nOCPBUGS-7611 - PTPOperator config transportHost with AMQ is not detected \nOCPBUGS-7616 - vSphere multiple in-tree test failures (non-zonal)\nOCPBUGS-7617 - Azure Disk volume is taking time to attach/detach\nOCPBUGS-7622 - vSphere UPI jobs failing with \u0027Managed cluster should have machine resources\u0027\nOCPBUGS-7648 - Bump cluster-dns-operator to k8s APIs v0.26.1\nOCPBUGS-7689 - Project Admin is able to Label project with empty string in RHOCP 4\nOCPBUGS-7696 - [ Azure ]not able to deploy machine with publicIp:true\nOCPBUGS-7707 - /etc/NetworkManager/dispatcher.d needs to be relabeled during pivot from 8.6 to 9.2\nOCPBUGS-7719 - Update to 4.13.0-ec.3 stuck on leaked MachineConfig\nOCPBUGS-7729 - Remove ETCD liviness probe. 
\nOCPBUGS-7731 - Need to cancel threads when agent-tui timeout is stopped\nOCPBUGS-7733 - Afterburn fails on AWS/GCP clusters born in OCP 4.1/4.2\nOCPBUGS-7743 - SNO upgrade from 4.12 to 4.13 rhel9.2 is broken cause of dnsmasq default config\nOCPBUGS-7750 - fix gofmt check issue in network-metrics-daemon\nOCPBUGS-7754 - ART having trouble building olm images\nOCPBUGS-7774 - RawCNIConfig is printed in byte representation on failure, not human readable\nOCPBUGS-7785 - migrate to using Lease for leader election\nOCPBUGS-7806 - add \"nfs-export\" under PV details page\nOCPBUGS-7809 - sg3_utils package is missing in the assisted-installer-agent Docker file\nOCPBUGS-781 - ironic-proxy is using a deprecated field to fetch cluster VIP\nOCPBUGS-7833 - Storage tests failing in no-capabilities job\nOCPBUGS-7837 - hypershift: aws-ebs-csi-driver-operator uses guest cluster proxy causing PV provisioning failure\nOCPBUGS-7860 - [azure] message is unclear when missing clientCertificatePassword in osServicePrincipal.json\nOCPBUGS-7876 - [Descheduler] Enabling LifeCycleUtilization to test namespace filtering does not work\nOCPBUGS-7879 - Devfile isn\u0027t be processed correctly on \u0027Add from git repo\u0027\nOCPBUGS-7896 - MCO should not add keepalived pod manifests in case of VSPHERE UPI\nOCPBUGS-7899 - ODF Monitor pods failing to be bounded because timeout issue with thin-csi SC\nOCPBUGS-7903 -  Pool degraded with error: rpm-ostree kargs: signal: terminated\nOCPBUGS-7909 - Baremetal runtime prepender creates /etc/resolv.conf mode 0600 and bad selinux context\nOCPBUGS-794 - OLM version rule is not clear\nOCPBUGS-7940 - apiserver panics in admission controller\nOCPBUGS-7943 - AzureFile CSI driver does not compile with cachito\nOCPBUGS-7970 - [E2E] Always close the filter dropdown in listPage.filter.by\nOCPBUGS-799 - Reply packet for DNS conversation to service IP uses pod IP as source\nOCPBUGS-8066 - Create Serverless Function form breaks if Pipeline Operator is not 
installed\nOCPBUGS-8086 - Visual issues with listing items\nOCPBUGS-8243 - [release 4.13] Gather Monitoring pods\u0027 Persistent Volumes\nOCPBUGS-8308 - Bump openshift/kubernetes to 1.26.2\nOCPBUGS-8312 - IPI on Power VS clusters cannot deploy MCO\nOCPBUGS-8326 - Azure cloud provider should use Kubernetes 1.26 dependencies\nOCPBUGS-8341 - Unable to set capabilities with agent installer based installation \nOCPBUGS-8342 - create cluster-manifests fails when imageContentSources is missing\nOCPBUGS-8353 - PXE support is incomplete\nOCPBUGS-8381 - Console shows x509 error when requesting token from oauth endpoint\nOCPBUGS-8401 - Bump openshift/origin to kube 1.26.2\nOCPBUGS-8424 - ControlPlaneMachineSet: Machine\u0027s Node should be Ready to consider the Machine Ready\nOCPBUGS-8445 - cgroups default setting in OCP 4.13 generates extra MachineConfig\nOCPBUGS-8463 - OpenStack Failure domains as 4.13 TechPreview\nOCPBUGS-8471 - [4.13] egress firewall only createas 1 acl for long namespace names\nOCPBUGS-8475 - TestBoundTokenSignerController causes unrecoverable disruption in e2e-gcp-operator CI job\nOCPBUGS-8481 - CAPI rebases 4.13 backports\nOCPBUGS-8490 - agent-tui: display additional checks only when primary check fails\nOCPBUGS-8498 - aws-ebs-csi-driver-operator ServiceAccount does not include the HCP pull-secret in its imagePullSecrets\nOCPBUGS-8505 - [4.13] egress firewall acls are deleted on restart\nOCPBUGS-8511 - [4.13+ ONLY] Don\u0027t use port 80 in bootstrap IPI bare metal\nOCPBUGS-855 - When setting allowedRegistries urls the openshift-samples operator is degraded\nOCPBUGS-859 - monitor not working with UDP lb when externalTrafficPolicy: Local\nOCPBUGS-860 - CSR are generated with incorrect Subject Alternate Names\nOCPBUGS-8699 - Metal IPI Install Rate Below 90%\nOCPBUGS-8701 - `oc patch project`  not working with OCP 4.12\nOCPBUGS-8702 - OKD SCOS: remove workaround for rpm-ostree auth\nOCPBUGS-8703 - fails to switch to kernel-rt with rhel 9.2\nOCPBUGS-8710 
- [4.13] don\u0027t enforce PSa in 4.13\nOCPBUGS-8712 - AES-GCM encryption at rest is not supported by kube-apiserver-operator\nOCPBUGS-8719 - Allow the user to scroll the content of the agent-tui details view\nOCPBUGS-8741 - [4.13] Pods in same deployment will have different ability to query services in same namespace from one another; ocp 4.10\nOCPBUGS-8742 - Origin tests should not specify `readyz` as the health check path\nOCPBUGS-881 - fail to create install-config.yaml as apiVIP and ingressVIP are not in machine networks\nOCPBUGS-8941 - Introduce tooltips for contextual information\nOCPBUGS-904 - Alerts from MCO are missing namespace\nOCPBUGS-9079 - ICMP fragmentation needed sent to pods behind a service don\u0027t seem to reach the pods\nOCPBUGS-91 - [ExtDNS] New TXT record breaks downward compatibility by retroactively limiting record length\nOCPBUGS-9132 - WebSCale: ovn logical router polices incorrect/l3 gw config not updated after IP change\nOCPBUGS-9185 - Pod latency spikes are observed when there is a compaction/leadership transfer\nOCPBUGS-9233 - ConsoleQuickStart {{copy}} and {{execute}} features do not work in some cases\nOCPBUGS-931 - [osp][octavia lb] NodePort allocation cannot be disabled for LB type svcs\nOCPBUGS-9338 - editor toggle radio input doesn\u0027t have distinguishable attributes\nOCPBUGS-9389 - Detach code in vsphere csi driver is failing\nOCPBUGS-948 - OLM sets invalid SCC label on its namespaces\nOCPBUGS-95 - NMstate removes egressip in OpenShift cluster with SDN plugin\nOCPBUGS-9913 - bacport tests for PDBUnhealthyPodEvictionPolicy as Tech Preview\nOCPBUGS-9924 - Remove unsupported warning in oc-mirror when using the --skip-pruning flag\nOCPBUGS-9926 - Enable node healthz server for ovnk in CNO \nOCPBUGS-9951 - fails to reconcile to RT kernel on interrupted updates\nOCPBUGS-9957 - Garbage collect grafana-dashboard-etcd\nOCPBUGS-996 - Control Plane Machine Set Operator OnDelete update should cause an error when more than one machine 
is ready in an index\nOCPBUGS-9963 - Better to change the error information more clearly to help understand \nOCPBUGS-9968 - Operands running management side missing affinity, tolerations, node selector and priority rules than the operator\n\n6. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-4235\nhttps://access.redhat.com/security/cve/CVE-2021-4238\nhttps://access.redhat.com/security/cve/CVE-2021-20329\nhttps://access.redhat.com/security/cve/CVE-2021-38561\nhttps://access.redhat.com/security/cve/CVE-2021-43519\nhttps://access.redhat.com/security/cve/CVE-2021-44964\nhttps://access.redhat.com/security/cve/CVE-2022-1271\nhttps://access.redhat.com/security/cve/CVE-2022-1586\nhttps://access.redhat.com/security/cve/CVE-2022-1587\nhttps://access.redhat.com/security/cve/CVE-2022-1785\nhttps://access.redhat.com/security/cve/CVE-2022-1897\nhttps://access.redhat.com/security/cve/CVE-2022-1927\nhttps://access.redhat.com/security/cve/CVE-2022-2509\nhttps://access.redhat.com/security/cve/CVE-2022-2990\nhttps://access.redhat.com/security/cve/CVE-2022-3080\nhttps://access.redhat.com/security/cve/CVE-2022-3259\nhttps://access.redhat.com/security/cve/CVE-2022-4203\nhttps://access.redhat.com/security/cve/CVE-2022-4304\nhttps://access.redhat.com/security/cve/CVE-2022-4450\nhttps://access.redhat.com/security/cve/CVE-2022-21698\nhttps://access.redhat.com/security/cve/CVE-2022-23525\nhttps://access.redhat.com/security/cve/CVE-2022-23526\nhttps://access.redhat.com/security/cve/CVE-2022-26280\nhttps://access.redhat.com/security/cve/CVE-2022-27191\nhttps://access.redhat.com/security/cve/CVE-2022-29154\nhttps://access.redhat.com/security/cve/CVE-2022-29824\nhttps://access.redhat.com/security/cve/CVE-2022-34903\nhttps://access.redhat.com/security/cve/CVE-2022-38023\nhttps://access.redhat.com/security/cve/CVE-2022-38177\nhttps://access.redhat.com/security/cve/CVE-2022-38178\nhttps://access.redhat.com/security/cve/CVE-2022-40674\nhttps://access.redhat.com/security/cve/CVE-2022-4
1316\nhttps://access.redhat.com/security/cve/CVE-2022-41717\nhttps://access.redhat.com/security/cve/CVE-2022-41721\nhttps://access.redhat.com/security/cve/CVE-2022-41723\nhttps://access.redhat.com/security/cve/CVE-2022-41724\nhttps://access.redhat.com/security/cve/CVE-2022-41725\nhttps://access.redhat.com/security/cve/CVE-2022-42010\nhttps://access.redhat.com/security/cve/CVE-2022-42011\nhttps://access.redhat.com/security/cve/CVE-2022-42012\nhttps://access.redhat.com/security/cve/CVE-2022-42898\nhttps://access.redhat.com/security/cve/CVE-2022-42919\nhttps://access.redhat.com/security/cve/CVE-2022-46146\nhttps://access.redhat.com/security/cve/CVE-2022-47629\nhttps://access.redhat.com/security/cve/CVE-2023-0056\nhttps://access.redhat.com/security/cve/CVE-2023-0215\nhttps://access.redhat.com/security/cve/CVE-2023-0216\nhttps://access.redhat.com/security/cve/CVE-2023-0217\nhttps://access.redhat.com/security/cve/CVE-2023-0229\nhttps://access.redhat.com/security/cve/CVE-2023-0286\nhttps://access.redhat.com/security/cve/CVE-2023-0361\nhttps://access.redhat.com/security/cve/CVE-2023-0401\nhttps://access.redhat.com/security/cve/CVE-2023-0620\nhttps://access.redhat.com/security/cve/CVE-2023-0665\nhttps://access.redhat.com/security/cve/CVE-2023-0778\nhttps://access.redhat.com/security/cve/CVE-2023-25000\nhttps://access.redhat.com/security/cve/CVE-2023-25165\nhttps://access.redhat.com/security/cve/CVE-2023-25173\nhttps://access.redhat.com/security/cve/CVE-2023-25577\nhttps://access.redhat.com/security/cve/CVE-2023-25725\nhttps://access.redhat.com/security/cve/CVE-2023-25809\nhttps://access.redhat.com/security/cve/CVE-2023-27561\nhttps://access.redhat.com/security/cve/CVE-2023-28642\nhttps://access.redhat.com/security/cve/CVE-2023-30570\nhttps://access.redhat.com/security/cve/CVE-2023-30841\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html\n\n7. 
Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBZGVrhNzjgjWX9erEAQjD7BAAihZ8nlrasEU8QISGjHMUkUXKPHgV6LlZ\nIT2h0MLam8ICSCDdZ8PUVXhWP+CTTIYYdpEPTaIdKdB16iecRXm2ML8GtQ38zSjC\nLpCB4NUmAdoH91FbT2oazgrCgg+2hizfufLYk/8nNm9yVR0zT5kZbuXMFZH/PbCb\ndYYyRsXsNt4+MpaWGf1q3jS7OX8l5UXbfO+nnKHWoow5/PeclygxFbRclr7o62Dy\ntnfgs+OwbroI6L0nohsUTk4Es1koyD8FaGdo28ViLcgVH1VDhBqzHXSAe1P+XmAc\nPSG6slSRIrgJpARfN8OEI89wfI+ttyqEi4yAdoKjCo/pbshhLw3JZQcavmQc8XEK\no1afTtx0XFHJsAdZRjvq+7zExqnDANRLbtkkYG2gYuc8LgGmh6P0ZlhxQFMS3f/T\ncTLSLaP6XSnHQaJyc0kqULHcWBZRzepcIDPYkmTCbCVCwLjXuIoF6eMQvo7eRXCy\n4qN3nT0+M90jWxf/uQzo9NpeWFB7y2cccHMvaPzZ8cAAxpwM3Rphutu9lzRfJCl8\nTMincIMIFq3vLmrfxHX5YOKfgH/Kjc06TbtnzxtucFQVNFxyKIWKgJB/hl1mGDTJ\n8cibppoX+mLmUirPuu+5JwaAmq7skX5HKX3r3t8sajmij17nS2Ff8q52ZLgdZQ6H\nXbiJN3SZj5U=\n=WGO2\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.7.3 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. 
See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/release_notes/\n\nSecurity fix(es)\n* CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service\n(ReDoS) vulnerability\n* CVE-2022-3841 RHACM: unauthenticated SSRF in console API endpoint\n* CVE-2023-29017 vm2: Sandbox Escape\n* CVE-2023-29199 vm2: Sandbox Escape\n* CVE-2023-30547 vm2: Sandbox Escape when exception sanitization\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2139426 - CVE-2022-3841 RHACM: unauthenticated SSRF in console API endpoint\n2165824 - CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability\n2185374 - CVE-2023-29017 vm2: sandbox escape\n2187409 - CVE-2023-29199 vm2: Sandbox Escape\n2187608 - CVE-2023-30547 vm2: Sandbox Escape when exception sanitization\n\n5. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 9) - noarch\nRed Hat Enterprise Linux CRB (v. 9) - aarch64, noarch, x86_64\n\n3. Description:\n\nEDK (Embedded Development Kit) is a project to enable UEFI support for\nVirtual Machines. This package contains a sample 64-bit UEFI firmware for\nQEMU and KVM. \n\nSecurity Fix(es):\n\n* openssl: X.400 address type confusion in X.509 GeneralName\n(CVE-2023-0286)\n\n* edk2: integer underflow in SmmEntryPoint function leads to potential SMM\nprivilege escalation (CVE-2021-38578)\n\n* openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)\n\n* openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450)\n\n* openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. 
\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 9.2 Release Notes linked from the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1960321 - CVE-2021-38578 edk2: integer underflow in SmmEntryPoint function leads to potential SMM privilege escalation\n1983086 - Assertion failure when creating 1024 VCPU VM: [...]UefiCpuPkg/CpuMpPei/CpuBist.c(186): !EFI_ERROR (Status)\n2125336 - Please add edk2-aarch64 and edk2-tools to CRB in RHEL 9\n2132951 - edk2: Sort traditional virtualization builds before Confidential Computing builds\n2157656 - [edk2] [aarch64] Unable to initialize EFI firmware when using edk2-aarch64-20221207gitfff6d81270b5-1.el9 in some hardwares\n2162307 - Broken GRUB output on a serial console\n2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName\n2164487 - CVE-2022-4304 openssl: timing attack in RSA Decryption implementation\n2164492 - CVE-2023-0215 openssl: use-after-free following BIO_new_NDEF\n2164494 - CVE-2022-4450 openssl: double free after calling PEM_read_bio_ex\n2168046 - [edk2] BIOS Release Date string is unexpected length\n2174605 - [EDK2] disable dynamic mmio window\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 9):\n\nSource:\nedk2-20221207gitfff6d81270b5-9.el9_2.src.rpm\n\nnoarch:\nedk2-aarch64-20221207gitfff6d81270b5-9.el9_2.noarch.rpm\nedk2-ovmf-20221207gitfff6d81270b5-9.el9_2.noarch.rpm\n\nRed Hat Enterprise Linux CRB (v.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.7.9 is now available. 
Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):\n\n2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly\n2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption\n2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics\n\n5. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nTomcat Servlet container, JBoss HTTP Connector (mod_cluster), the\nPicketLink Vault extension for Apache Tomcat, and the Tomcat Native\nlibrary. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. JIRA issues fixed (https://issues.redhat.com/):\n\nJWS-2933 - Update openssl from JBCS to versions from 2.4.51-SP2\n\n7. Bugs fixed (https://bugzilla.redhat.com/):\n\n2139896 - Requested TSC frequency outside tolerance range \u0026 TSC scaling not supported\n2145146 - CDI operator is not creating PrometheusRule resource with alerts if CDI resource is incorrect\n2148383 - Migration metrics values are not sum up values from all VMIs\n2149409 - HPP mounter deployment can\u0027t mount as unprivileged\n2168489 - Overview -\u003e Migrations - The ?Bandwidth consumption? Graph display with wrong values\n2184435 - [cnv-4.12] virt-handler should not delete any pre-configured mediated devices i these are provided by an external provider\n2222191 - [cnv-4.12] manually increasing the number of virt-api pods does not work\n\n5",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-4450"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003616"
          },
          {
            "db": "PACKETSTORM",
            "id": "173547"
          },
          {
            "db": "PACKETSTORM",
            "id": "172441"
          },
          {
            "db": "PACKETSTORM",
            "id": "171957"
          },
          {
            "db": "PACKETSTORM",
            "id": "172460"
          },
          {
            "db": "PACKETSTORM",
            "id": "172238"
          },
          {
            "db": "PACKETSTORM",
            "id": "172147"
          },
          {
            "db": "PACKETSTORM",
            "id": "172733"
          },
          {
            "db": "PACKETSTORM",
            "id": "174517"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-4450",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-23-075-04",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-24-165-10",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-24-165-11",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-24-046-15",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-23-194-04",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-24-102-08",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-24-165-06",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-23-320-08",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-23-255-01",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-23-166-11",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU91213144",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU99464755",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU95292697",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU99752892",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU97200253",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU92598492",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU93250330",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU99836374",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU91198149",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003616",
            "trust": 0.8
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-4450",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "173547",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "172441",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "171957",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "172460",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "172238",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "172147",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "172733",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "174517",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-4450"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003616"
          },
          {
            "db": "PACKETSTORM",
            "id": "173547"
          },
          {
            "db": "PACKETSTORM",
            "id": "172441"
          },
          {
            "db": "PACKETSTORM",
            "id": "171957"
          },
          {
            "db": "PACKETSTORM",
            "id": "172460"
          },
          {
            "db": "PACKETSTORM",
            "id": "172238"
          },
          {
            "db": "PACKETSTORM",
            "id": "172147"
          },
          {
            "db": "PACKETSTORM",
            "id": "172733"
          },
          {
            "db": "PACKETSTORM",
            "id": "174517"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-4450"
          }
        ]
      },
      "id": "VAR-202302-0195",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.2376099833333333
      },
      "last_update_date": "2024-07-23T19:21:02.492000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "hitachi-sec-2024-111",
            "trust": 0.8,
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/waugustus/carpetfuzz "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-4450"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003616"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-415",
            "trust": 1.0
          },
          {
            "problemtype": "Double release (CWE-415) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003616"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-4450"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-4450"
          },
          {
            "trust": 1.0,
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83"
          },
          {
            "trust": 1.0,
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b"
          },
          {
            "trust": 1.0,
            "url": "https://security.gentoo.org/glsa/202402-08"
          },
          {
            "trust": 1.0,
            "url": "https://www.openssl.org/news/secadv/20230207.txt"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu91213144/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu99752892/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu99464755/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu95292697/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97200253/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu92598492/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu91198149/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu99836374/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu93250330/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-075-04"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-11"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-04"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-255-01"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-08"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-15"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-102-08"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-06"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-10"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-11"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2023-0215"
          },
          {
            "trust": 0.8,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2022-4450"
          },
          {
            "trust": 0.8,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2022-4304"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-4304"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2023-0361"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0215"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2023-0286"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0361"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0286"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-41725"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-41724"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2023-23916"
          },
          {
            "trust": 0.2,
            "url": "https://issues.redhat.com/):"
          },
          {
            "trust": 0.2,
            "url": "https://issues.jboss.org/):"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2023-25173"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-41717"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-34903"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-42898"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-47629"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-1586"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23916"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/waugustus/carpetfuzz"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-26604"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2023-001"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:4114"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-1667"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-2283"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24736"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-24329"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-3089"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-2283"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-1667"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-24736"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-3089"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-26604"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-24329"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20329"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-38023"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26280"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-0620"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1587"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-4235"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-21698"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-0665"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-0778"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-46146"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-41721"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-25725"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-38177"
          },
          {
            "trust": 0.1,
            "url": "https://[2620:52:0:1eb:367x:5axx:xxx:xxx]:2379]:"
          },
          {
            "trust": 0.1,
            "url": "https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27191"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-38178"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-4238"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1587"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-28642"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3259"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23526"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-41316"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-25577"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-30570"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:1325"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43519"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2990"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-43519"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23525"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2509"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-42012"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-0056"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-30841"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20329"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-41723"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-40674"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-42919"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-38561"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1927"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21698"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-0229"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-27561"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23525"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44964"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-25000"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4238"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-42011"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:1326"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-25165"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-0217"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1271"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-0401"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44964"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-42010"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-0216"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4235"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-29154"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1897"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1785"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-4203"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-25809"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-29824"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3080"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3841"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/release_notes/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html-single/install/index#installing"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3841"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#critical"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-29199"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-29017"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25881"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-29017"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-30547"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25881"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-30547"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-29199"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:1888"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22662"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26700"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-41715"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-35737"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27664"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26719"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:0584"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26719"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22629"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22624"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-46848"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22628"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22624"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22662"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26709"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-32190"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26710"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26716"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26717"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30293"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26709"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-4415"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22628"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26710"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-40304"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26717"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1304"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-40303"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-32189"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2880"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26700"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22629"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26716"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27664"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46848"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38578"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-38578"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:2165"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-28617"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25173"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41725"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-28617"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41724"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:2107"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:3420"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-34969"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-38408"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-3899"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-2602"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-32681"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-29469"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-3709"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-28321"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-34969"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-29469"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-27536"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-32681"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-28321"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-28484"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-27536"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-28484"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:4982"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-2603"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-2602"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-2603"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-38408"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-4450"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003616"
          },
          {
            "db": "PACKETSTORM",
            "id": "173547"
          },
          {
            "db": "PACKETSTORM",
            "id": "172441"
          },
          {
            "db": "PACKETSTORM",
            "id": "171957"
          },
          {
            "db": "PACKETSTORM",
            "id": "172460"
          },
          {
            "db": "PACKETSTORM",
            "id": "172238"
          },
          {
            "db": "PACKETSTORM",
            "id": "172147"
          },
          {
            "db": "PACKETSTORM",
            "id": "172733"
          },
          {
            "db": "PACKETSTORM",
            "id": "174517"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-4450"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2022-4450"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003616"
          },
          {
            "db": "PACKETSTORM",
            "id": "173547"
          },
          {
            "db": "PACKETSTORM",
            "id": "172441"
          },
          {
            "db": "PACKETSTORM",
            "id": "171957"
          },
          {
            "db": "PACKETSTORM",
            "id": "172460"
          },
          {
            "db": "PACKETSTORM",
            "id": "172238"
          },
          {
            "db": "PACKETSTORM",
            "id": "172147"
          },
          {
            "db": "PACKETSTORM",
            "id": "172733"
          },
          {
            "db": "PACKETSTORM",
            "id": "174517"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-4450"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-02-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003616"
          },
          {
            "date": "2023-07-18T13:35:08",
            "db": "PACKETSTORM",
            "id": "173547"
          },
          {
            "date": "2023-05-18T13:46:17",
            "db": "PACKETSTORM",
            "id": "172441"
          },
          {
            "date": "2023-04-20T16:14:17",
            "db": "PACKETSTORM",
            "id": "171957"
          },
          {
            "date": "2023-05-19T14:41:19",
            "db": "PACKETSTORM",
            "id": "172460"
          },
          {
            "date": "2023-05-09T15:23:44",
            "db": "PACKETSTORM",
            "id": "172238"
          },
          {
            "date": "2023-05-04T14:45:01",
            "db": "PACKETSTORM",
            "id": "172147"
          },
          {
            "date": "2023-06-06T16:30:13",
            "db": "PACKETSTORM",
            "id": "172733"
          },
          {
            "date": "2023-09-06T16:39:54",
            "db": "PACKETSTORM",
            "id": "174517"
          },
          {
            "date": "2023-02-08T20:15:23.973000",
            "db": "NVD",
            "id": "CVE-2022-4450"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-06-17T07:09:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003616"
          },
          {
            "date": "2024-02-04T09:15:08.733000",
            "db": "NVD",
            "id": "CVE-2022-4450"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "172441"
          }
        ],
        "trust": 0.1
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL\u00a0 Double release vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003616"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "sql injection",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "172441"
          }
        ],
        "trust": 0.1
      }
    }

    VAR-202302-0482

    Vulnerability from variot - Updated: 2024-06-17 11:16

    A timing-based side channel exists in the OpenSSL RSA decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OAEP and RSASVE.

    For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection. (CVE-2022-4304) A use-after-free vulnerability was found in OpenSSL's BIO_new_NDEF function. Under certain conditions. (CVE-2023-0286). Bugs fixed (https://bugzilla.redhat.com/):

    2212085 - CVE-2023-3089 openshift: OCP & FIPS mode

    1. Red Hat OpenShift Data Foundation provides highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3-compatible API.

    All users of Red Hat OpenShift Data Foundation are advised to upgrade to these updated images, which provide several bug fixes. Bugs fixed (https://bugzilla.redhat.com/):

    2171965 - [4.11 clone] Secrets are used in env variables 2176012 - [ODF 4.11] Move the defaults for rookceph operator from configmap to csv 2181405 - CVE-2022-40186 vault: Vault Entity Alias Metadata May Leak Between Aliases With The Same Name Assigned To The Same Entity 2183683 - [ODF 4.11] Deployment of ODF 4.9 over external mode failing with: panic: assignment to entry in nil map in ocs-operator logs 2186456 - Include at ODF 4.11 container images the RHEL8 CVE fix on "openssl"

    1. Summary:

    Multicluster Engine for Kubernetes 2.1.6 General Availability release images, which fix bugs and deliver security updates for the container images. Description:

    Multicluster Engine for Kubernetes 2.1.6 images

    Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds.

    You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

    Jira issue addressed:

    ACM-3513: MCE 2.1.6 images

    Security fix(es):

    • CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability

    • Solution:

    For multicluster engine for Kubernetes, see the following documentation for details on how to install the images:

    https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/multicluster_engine/multicluster_engine_overview#installing-while-connected-online-mce

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2165824 - CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability

    1. It comprises the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Solution:

    Before applying this update, make sure all previously released errata relevant to your system have been applied. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ===================================================================== Red Hat Security Advisory

    Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update Advisory ID: RHSA-2023:3354-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2023:3354 Issue date: 2023-06-05 CVE Names: CVE-2006-20001 CVE-2022-4304 CVE-2022-4450 CVE-2022-25147 CVE-2022-43551 CVE-2022-43552 CVE-2023-0215 CVE-2023-0286 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 CVE-2023-25690 =====================================================================

    1. Summary:

    An update is now available for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 on Red Hat Enterprise Linux versions 7 and 8.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

    This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

    Security Fix(es):

    • apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147)
    • curl: HSTS bypass via IDN (CVE-2022-43551)
    • curl: HTTP Proxy deny use-after-free (CVE-2022-43552)
    • curl: HSTS ignored on multiple requests (CVE-2023-23914)
    • curl: HSTS amnesia with --parallel (CVE-2023-23915)
    • curl: HTTP multi-header compression denial of service (CVE-2023-23916)
    • httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001)
    • httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)
    • openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)
    • openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450)
    • openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)
    • openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    Applications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2152639 - CVE-2022-43551 curl: HSTS bypass via IDN
    2152652 - CVE-2022-43552 curl: Use-after-free triggered by an HTTP proxy deny response
    2161774 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte
    2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName
    2164487 - CVE-2022-4304 openssl: timing attack in RSA Decryption implementation
    2164492 - CVE-2023-0215 openssl: use-after-free following BIO_new_NDEF
    2164494 - CVE-2022-4450 openssl: double free after calling PEM_read_bio_ex
    2167797 - CVE-2023-23914 curl: HSTS ignored on multiple requests
    2167813 - CVE-2023-23915 curl: HSTS amnesia with --parallel
    2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service
    2169652 - CVE-2022-25147 apr-util: out-of-bounds writes in the apr_base64
    2176209 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy

    1. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    2. References:

    https://access.redhat.com/security/cve/CVE-2006-20001
    https://access.redhat.com/security/cve/CVE-2022-4304
    https://access.redhat.com/security/cve/CVE-2022-4450
    https://access.redhat.com/security/cve/CVE-2022-25147
    https://access.redhat.com/security/cve/CVE-2022-43551
    https://access.redhat.com/security/cve/CVE-2022-43552
    https://access.redhat.com/security/cve/CVE-2023-0215
    https://access.redhat.com/security/cve/CVE-2023-0286
    https://access.redhat.com/security/cve/CVE-2023-23914
    https://access.redhat.com/security/cve/CVE-2023-23915
    https://access.redhat.com/security/cve/CVE-2023-23916
    https://access.redhat.com/security/cve/CVE-2023-25690
    https://access.redhat.com/security/updates/classification/#important

    1. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBZH4jO9zjgjWX9erEAQhdzQ//WjNcrrZ2U8gZyEoQSCNUuGWPbKkm9H5e bdaRIBdB+st5qK0c114J+jSozhjpTsY3FvKVQaIvO5HVpQLXgJZEAjWjTCJPF0R6 zEafAjK8UennjPkXzH7kYfXrGMIyDh+aMj0QN+SQM2IyD34W0Zk3uwjRnO1RlwCN PuPv9RxSTa8SbFAoYkmvI9N1e73Qiwv/50m9dN6DSo1jpLIhiiG15GIB0baoOS05 5Vh8haPq9jmbsHjdyEdDNifgruwm/OipaS6QrcB21T2f0Tsy3Kvn7oUbXC5NxKWZ 1H5RWEnVhFA+pfeY5ZChVYuktqFuhhhsnCcdLzMrzNsDquZXcKP/sRG4Lg6EjrOr sv7ywIgIEAYrHSuXj+b4Bkx1NRKZtMknsfi9Mw3vCARAqvIapBNIthC4dqg0gIiS HoXtsZDoz7GGcguOpcrMuzPOaiJiS8u9M8068JT6k20DSAM/jmL/mkzhaw2GG+KV MRLIaJViehUCrxJ4eht+djH4Mv8aEORWJx81yG91IKsH7nMcBkvqYsHf1qBxm78T L8L1va2P9tS1tA4Dbfp8aKr/Jr/ocMOJhapGCMNnAwsAUErgaGYOSVbYo4Bp2hrG FCsgWJWCB6NQwvRv/CZXar5AMvmVlrOVqYEHjMVQBfVS3Bu12a12EGKtnO3fJAYa 2SvVnChgmv4= =TkYq -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . OpenSSL Security Advisory [7th February 2023] =============================================

    X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)

    Severity: High

    There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING.

    When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

    OpenSSL versions 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.

    OpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. OpenSSL 1.1.1 users should upgrade to OpenSSL 1.1.1t. OpenSSL 1.0.2 users should upgrade to OpenSSL 1.0.2zg (premium support customers only).

    This issue was reported on 11th January 2023 by David Benjamin (Google). The fix was developed by Hugo Landau.

    OpenSSL 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.

    OpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. OpenSSL 1.1.1 users should upgrade to OpenSSL 1.1.1t. OpenSSL 1.0.2 users should upgrade to OpenSSL 1.0.2zg (premium support customers only).

    An initial report of a possible timing side channel was made on 14th July 2020 by Hubert Kario (Red Hat). A refined report identifying a specific timing side channel was made on 15th July 2022 by Hubert Kario. The fix was developed by Dmitry Belyavsky (Red Hat) and Hubert Kario.

    X.509 Name Constraints Read Buffer Overflow (CVE-2022-4203)

    Severity: Moderate

    A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer.

    The read buffer overrun might result in a crash which could lead to a denial of service attack. In theory it could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext) although we are not aware of any working exploit leading to memory contents disclosure as of the time of release of this advisory.

    OpenSSL versions 3.0.0 to 3.0.7 are vulnerable to this issue.

    OpenSSL 3.0 users should upgrade to OpenSSL 3.0.8.

    OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.

    This issue was reported to OpenSSL on 3rd November 2022 by Corey Bonnell from Digicert. The fix was developed by Viktor Dukhovni.

    Use-after-free following BIO_new_NDEF (CVE-2023-0215)

    Severity: Moderate

    The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications.

    The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash.

    This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.

    Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream.

    The OpenSSL cms and smime command line applications are similarly affected.

    OpenSSL 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.

    OpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. OpenSSL 1.1.1 users should upgrade to OpenSSL 1.1.1t. OpenSSL 1.0.2 users should upgrade to OpenSSL 1.0.2zg (premium support customers only).

    This issue was reported on 29th November 2022 by Octavio Galland and Marcel Böhme (Max Planck Institute for Security and Privacy). The fix was developed by Viktor Dukhovni and Matt Caswell.

    Double free after calling PEM_read_bio_ex (CVE-2022-4450)

    Severity: Moderate

    The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack.

    The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected.

    These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0.

    The OpenSSL asn1parse command line application is also impacted by this issue.

    OpenSSL 3.0 and 1.1.1 are vulnerable to this issue.

    OpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. OpenSSL 1.1.1 users should upgrade to OpenSSL 1.1.1t.

    OpenSSL 1.0.2 is not affected by this issue.

    This issue was discovered by CarpetFuzz and reported on 8th December 2022 by Dawei Wang. The fix was developed by Kurt Roeckx and Matt Caswell.

    Invalid pointer dereference in d2i_PKCS7 functions (CVE-2023-0216)

    Severity: Moderate

    An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.

    The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call this function however third party applications might call these functions on untrusted data.

    OpenSSL versions 3.0.0 to 3.0.7 are vulnerable to this issue.

    OpenSSL 3.0 users should upgrade to OpenSSL 3.0.8.

    OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.

    This issue was reported on 27th December 2022 by Marc Schönefeld. The fix was developed by Tomas Mraz.

    NULL dereference validating DSA public key (CVE-2023-0217)

    Severity: Moderate

    An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack.

    The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3.

    OpenSSL versions 3.0.0 to 3.0.7 are vulnerable to this issue.

    OpenSSL 3.0 users should upgrade to OpenSSL 3.0.8.

    OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.

    This issue was reported on 27th December 2022 by Kurt Roeckx. The fix was developed by Shane Lontis from Oracle.

    NULL dereference during PKCS7 data verification (CVE-2023-0401)

    Severity: Moderate

    A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash.

    The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider.

    PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions however third party applications would be affected if they call these functions to verify signatures on untrusted data.

    OpenSSL versions 3.0.0 to 3.0.7 are vulnerable to this issue.

    OpenSSL 3.0 users should upgrade to OpenSSL 3.0.8.

    OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.

    This issue was reported on 13th January 2023 by Hubert Kario and Dmitry Belyavsky (Red Hat). The fix was developed by Tomas Mraz.

    References

    URL for this Security Advisory: https://www.openssl.org/news/secadv/20230207.txt

    Note: the online version of the advisory may be updated with additional details over time.

    For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/general/security-policy.html .

    This advisory contains OpenShift Virtualization 4.12.6 images. Bugs fixed (https://bugzilla.redhat.com/):

    2139896 - Requested TSC frequency outside tolerance range & TSC scaling not supported
    2145146 - CDI operator is not creating PrometheusRule resource with alerts if CDI resource is incorrect
    2148383 - Migration metrics values are not sum up values from all VMIs
    2149409 - HPP mounter deployment can't mount as unprivileged
    2168489 - Overview -> Migrations - The "Bandwidth consumption" Graph display with wrong values
    2184435 - [cnv-4.12] virt-handler should not delete any pre-configured mediated devices if these are provided by an external provider
    2222191 - [cnv-4.12] manually increasing the number of virt-api pods does not work

    1. ==========================================================================
    Ubuntu Security Notice USN-6564-1
    January 03, 2024

    nodejs vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 22.04 LTS

    Summary:

    Several security issues were fixed in Node.js.

    Software Description:
    - nodejs: An open-source, cross-platform JavaScript runtime environment.

    Details:

    Hubert Kario discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. (CVE-2022-4304)

    CarpetFuzz, Dawei Wang discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-4450)

    Octavio Galland and Marcel Böhme discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-0215)

    David Benjamin discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. (CVE-2023-0286)

    Hubert Kario and Dmitry Belyavsky discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-0401)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 22.04 LTS:
    libnode-dev 12.22.9~dfsg-1ubuntu3.3
    libnode72 12.22.9~dfsg-1ubuntu3.3
    nodejs 12.22.9~dfsg-1ubuntu3.3

    In general, a standard system update will make all the necessary changes.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202302-0482",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ucosminexus service platform",
            "scope": null,
            "trust": 1.6,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "ucosminexus application server",
            "scope": null,
            "trust": 1.6,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "ucosminexus primary server base",
            "scope": null,
            "trust": 1.6,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "openssl",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "3.0.0"
          },
          {
            "model": "openssl",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.2"
          },
          {
            "model": "openssl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.2zg"
          },
          {
            "model": "network security",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "stormshield",
            "version": "4.4.0"
          },
          {
            "model": "network security",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "stormshield",
            "version": "2.7.0"
          },
          {
            "model": "network security",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "stormshield",
            "version": "4.6.3"
          },
          {
            "model": "network security",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "stormshield",
            "version": "2.8.0"
          },
          {
            "model": "network security",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "stormshield",
            "version": "4.3.16"
          },
          {
            "model": "network security",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "stormshield",
            "version": "3.8.0"
          },
          {
            "model": "openssl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.1.1t"
          },
          {
            "model": "openssl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "3.0.8"
          },
          {
            "model": "openssl",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.1.1"
          },
          {
            "model": "sslvpn",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "stormshield",
            "version": "3.2.1"
          },
          {
            "model": "network security",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "stormshield",
            "version": "2.7.11"
          },
          {
            "model": "endpoint security",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "stormshield",
            "version": "7.2.40"
          },
          {
            "model": "network security",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "stormshield",
            "version": "4.0.0"
          },
          {
            "model": "network security",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "stormshield",
            "version": "3.11.22"
          },
          {
            "model": "network security",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "stormshield",
            "version": "3.7.34"
          },
          {
            "model": "hitachi compute systems manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "hitachi tuning manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "jp1/performance management - manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "jp1/snmp system observer",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "\u30d7\u30ed\u30b0\u30e9\u30df\u30f3\u30b0\u74b0\u5883 for java",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "connexive pf",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          },
          {
            "model": "jp1/it desktop management 2 - smart device manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "hitachi tiered storage manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "hitachi configuration manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "nec multimedia olap for \u6620\u50cf\u5206\u6790\u30b5\u30fc\u30d3\u30b9",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          },
          {
            "model": "jp1/navigation platform",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "jp1/navigation platform for developers",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "openssl",
            "scope": null,
            "trust": 0.8,
            "vendor": "openssl",
            "version": null
          },
          {
            "model": "jp1/operations analytics",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "jp1/base",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "ix \u30eb\u30fc\u30bf",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          },
          {
            "model": "jp1/automatic job management system 3 - manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "\u5f97\u9078\u8857\u30fbgcb",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          },
          {
            "model": "jp1/it desktop management 2 - manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "jp1/data highway - server",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "jp1/it desktop management 2 - operations director",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "jp1/performance management - agent option for service response",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "esmpro/serveragent",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          },
          {
            "model": "neoface monitor",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          },
          {
            "model": "\u990a\u6b96\u9b5a\u30b5\u30a4\u30ba\u6e2c\u5b9a\u81ea\u52d5\u5316\u30b5\u30fc\u30d3\u30b9",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          },
          {
            "model": "vran",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          },
          {
            "model": "ucosminexus application server-r",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "ucosminexus developer",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "jp1/service support",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "jp1/service support starter edition",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "webotx application server",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          },
          {
            "model": "hitachi device manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "jp1/automatic operation",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "ucosminexus service architect",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "spoolserver/reportfiling",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          },
          {
            "model": "hitachi global link manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "webotx sip application server",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          },
          {
            "model": "cosminexus http server",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "hitachi replication manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "iot \u5171\u901a\u57fa\u76e4",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          },
          {
            "model": "\u65e5\u7acb\u30a2\u30c9\u30d0\u30f3\u30b9\u30c8\u30b5\u30fc\u30d0 ha8000v \u30b7\u30ea\u30fc\u30ba",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "jp1/data highway - server starter edition",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "connexive application platform",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          },
          {
            "model": "nec enhanced speech analysis",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          },
          {
            "model": "jp1/automatic job management system 3 - definitions assistant",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "model": "jp1/file transmission server/ftp",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003736"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-4304"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.0.8",
                    "versionStartIncluding": "3.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.1.1t",
                    "versionStartIncluding": "1.1.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.0.2zg",
                    "versionStartIncluding": "1.0.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.6.3",
                    "versionStartIncluding": "4.4.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.3.16",
                    "versionStartIncluding": "4.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.11.22",
                    "versionStartIncluding": "3.8.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.7.34",
                    "versionStartIncluding": "2.8.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.7.11",
                    "versionStartIncluding": "2.7.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stormshield:endpoint_security:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.2.40",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:stormshield:sslvpn:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.2.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-4304"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "173547"
          },
          {
            "db": "PACKETSTORM",
            "id": "172045"
          },
          {
            "db": "PACKETSTORM",
            "id": "172084"
          },
          {
            "db": "PACKETSTORM",
            "id": "172737"
          },
          {
            "db": "PACKETSTORM",
            "id": "172734"
          },
          {
            "db": "PACKETSTORM",
            "id": "174517"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-4304",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.9,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-4304",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2022-4304",
                "trust": 1.8,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003736"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-4304"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A timing based side channel exists in the OpenSSL RSA Decryption implementation\nwhich could be sufficient to recover a plaintext across a network in a\nBleichenbacher style attack. To achieve a successful decryption an attacker\nwould have to be able to send a very large number of trial messages for\ndecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,\nRSA-OAEP and RSASVE. \n\nFor example, in a TLS connection, RSA is commonly used by a client to send an\nencrypted pre-master secret to the server. An attacker that had observed a\ngenuine connection between a client and a server could use this flaw to send\ntrial messages to the server and record the time taken to process them. After a\nsufficiently large number of messages the attacker could recover the pre-master\nsecret used for the original connection and thus be able to decrypt the\napplication data sent over that connection. (CVE-2022-4304)\nA use-after-free vulnerability was found in OpenSSL\u0027s BIO_new_NDEF function under certain conditions (CVE-2023-0215; the separate X.400 address type confusion in X.509 GeneralName is CVE-2023-0286). Bugs fixed (https://bugzilla.redhat.com/):\n\n2212085 - CVE-2023-3089 openshift: OCP \u0026 FIPS mode\n\n5. Red Hat\nOpenShift Data Foundation is a highly scalable, production-grade persistent\nstorage for stateful applications running in the Red Hat OpenShift\nContainer Platform. In addition to persistent storage, Red Hat OpenShift\nData Foundation provisions a multicloud data management service with an S3\ncompatible API. \n\nAll users of Red Hat OpenShift Data Foundation are advised to upgrade to\nthese updated images, which provide several bug fixes. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n2171965 - [4.11 clone] Secrets are used in env variables\n2176012 - [ODF 4.11] Move the defaults for rookceph operator from configmap to csv\n2181405 - CVE-2022-40186 vault: Vault Entity Alias Metadata May Leak Between Aliases With The Same Name Assigned To The Same Entity\n2183683 - [ODF 4.11] Deployment of ODF 4.9 over external mode failing with: panic: assignment to entry in nil map in ocs-operator logs\n2186456 - Include at ODF 4.11 container images the RHEL8 CVE fix on \"openssl\"\n\n5. Summary:\n\nMulticluster Engine for Kubernetes 2.1.6 General Availability release\nimages,\nwhich fix bugs and security updates container images. Description:\n\nMulticluster Engine for Kubernetes 2.1.6 images\n\nMulticluster engine for Kubernetes provides the foundational components\nthat are necessary for the centralized management of multiple\nKubernetes-based clusters across data centers, public clouds, and private\nclouds. \n\nYou can use the engine to create new Red Hat OpenShift Container Platform\nclusters or to bring existing Kubernetes-based clusters under management by\nimporting them. After the clusters are managed, you can use the APIs that\nare provided by the engine to distribute configuration based on placement\npolicy. \n\nJira issue addressed:\n\nACM-3513: MCE 2.1.6 images\n\nSecurity fix(es):\n\n* CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service\n(ReDoS) vulnerability\n\n3. Solution:\n\nFor multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/multicluster_engine/multicluster_engine_overview#installing-while-connected-online-mce\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2165824 - CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability\n\n5. 
It is comprised of the Apache\nTomcat Servlet container, JBoss HTTP Connector (mod_cluster), the\nPicketLink Vault extension for Apache Tomcat, and the Tomcat Native\nlibrary. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update\nAdvisory ID:       RHSA-2023:3354-01\nProduct:           Red Hat JBoss Core Services\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2023:3354\nIssue date:        2023-06-05\nCVE Names:         CVE-2006-20001 CVE-2022-4304 CVE-2022-4450 \n                   CVE-2022-25147 CVE-2022-43551 CVE-2022-43552 \n                   CVE-2023-0215 CVE-2023-0286 CVE-2023-23914 \n                   CVE-2023-23915 CVE-2023-23916 CVE-2023-25690 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat JBoss Core Services Apache HTTP\nServer 2.4.51 Service Pack 2 on Red Hat Enterprise Linux versions 7 and 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. 
\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51\nService Pack 2 serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.51 Service Pack 1, and includes bug fixes and\nenhancements, which are documented in the Release Notes document linked to\nin the References. \n\nSecurity Fix(es):\n\n* apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147)\n* curl: HSTS bypass via IDN (CVE-2022-43551)\n* curl: HTTP Proxy deny use-after-free (CVE-2022-43552)\n* curl: HSTS ignored on multiple requests (CVE-2023-23914)\n* curl: HSTS amnesia with --parallel (CVE-2023-23915)\n* curl: HTTP multi-header compression denial of service (CVE-2023-23916)\n* httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001)\n* httpd: HTTP request splitting with mod_rewrite and mod_proxy\n(CVE-2023-25690)\n* openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)\n* openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450)\n* openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)\n* openssl: X.400 address type confusion in X.509 GeneralName\n(CVE-2023-0286)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for\nthis update to take effect. After installing the updated packages, the\nhttpd daemon will be restarted automatically. \n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n2152639 - CVE-2022-43551 curl: HSTS bypass via IDN\n2152652 - CVE-2022-43552 curl: Use-after-free triggered by an HTTP proxy deny response\n2161774 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte\n2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName\n2164487 - CVE-2022-4304 openssl: timing attack in RSA Decryption implementation\n2164492 - CVE-2023-0215 openssl: use-after-free following BIO_new_NDEF\n2164494 - CVE-2022-4450 openssl: double free after calling PEM_read_bio_ex\n2167797 - CVE-2023-23914 curl: HSTS ignored on multiple requests\n2167813 - CVE-2023-23915 curl: HSTS amnesia with --parallel\n2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service\n2169652 - CVE-2022-25147 apr-util: out-of-bounds writes in the apr_base64\n2176209 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy\n\n6.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2006-20001\nhttps://access.redhat.com/security/cve/CVE-2022-4304\nhttps://access.redhat.com/security/cve/CVE-2022-4450\nhttps://access.redhat.com/security/cve/CVE-2022-25147\nhttps://access.redhat.com/security/cve/CVE-2022-43551\nhttps://access.redhat.com/security/cve/CVE-2022-43552\nhttps://access.redhat.com/security/cve/CVE-2023-0215\nhttps://access.redhat.com/security/cve/CVE-2023-0286\nhttps://access.redhat.com/security/cve/CVE-2023-23914\nhttps://access.redhat.com/security/cve/CVE-2023-23915\nhttps://access.redhat.com/security/cve/CVE-2023-23916\nhttps://access.redhat.com/security/cve/CVE-2023-25690\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBZH4jO9zjgjWX9erEAQhdzQ//WjNcrrZ2U8gZyEoQSCNUuGWPbKkm9H5e\nbdaRIBdB+st5qK0c114J+jSozhjpTsY3FvKVQaIvO5HVpQLXgJZEAjWjTCJPF0R6\nzEafAjK8UennjPkXzH7kYfXrGMIyDh+aMj0QN+SQM2IyD34W0Zk3uwjRnO1RlwCN\nPuPv9RxSTa8SbFAoYkmvI9N1e73Qiwv/50m9dN6DSo1jpLIhiiG15GIB0baoOS05\n5Vh8haPq9jmbsHjdyEdDNifgruwm/OipaS6QrcB21T2f0Tsy3Kvn7oUbXC5NxKWZ\n1H5RWEnVhFA+pfeY5ZChVYuktqFuhhhsnCcdLzMrzNsDquZXcKP/sRG4Lg6EjrOr\nsv7ywIgIEAYrHSuXj+b4Bkx1NRKZtMknsfi9Mw3vCARAqvIapBNIthC4dqg0gIiS\nHoXtsZDoz7GGcguOpcrMuzPOaiJiS8u9M8068JT6k20DSAM/jmL/mkzhaw2GG+KV\nMRLIaJViehUCrxJ4eht+djH4Mv8aEORWJx81yG91IKsH7nMcBkvqYsHf1qBxm78T\nL8L1va2P9tS1tA4Dbfp8aKr/Jr/ocMOJhapGCMNnAwsAUErgaGYOSVbYo4Bp2hrG\nFCsgWJWCB6NQwvRv/CZXar5AMvmVlrOVqYEHjMVQBfVS3Bu12a12EGKtnO3fJAYa\n2SvVnChgmv4=\n=TkYq\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. OpenSSL Security Advisory [7th February 2023]\n=============================================\n\nX.400 address type confusion in X.509 GeneralName (CVE-2023-0286)\n=================================================================\n\nSeverity: High\n\nThere is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING. \n\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. 
If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network. \n\nOpenSSL versions 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue. \n\nOpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. \nOpenSSL 1.1.1 users should upgrade to OpenSSL 1.1.1t. \nOpenSSL 1.0.2 users should upgrade to OpenSSL 1.0.2zg (premium support customers\nonly). \n\nThis issue was reported on 11th January 2023 by David Benjamin (Google). \nThe fix was developed by Hugo Landau. \n\nTiming attack in RSA Decryption implementation (CVE-2022-4304)\n==============================================================\n\n(The body of this section is missing from this extract; the issue is summarised at the top of this entry. The reporter and fix credits below belong to CVE-2022-4304, not to CVE-2023-0286 above.)\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue. \n\nOpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. \nOpenSSL 1.1.1 users should upgrade to OpenSSL 1.1.1t. \nOpenSSL 1.0.2 users should upgrade to OpenSSL 1.0.2zg (premium support customers\nonly). \n\nAn initial report of a possible timing side channel was made on 14th July 2020\nby Hubert Kario (Red Hat). A refined report identifying a specific timing side\nchannel was made on 15th July 2022 by Hubert Kario. \nThe fix was developed by Dmitry Belyavsky (Red Hat) and Hubert Kario. \n\nX.509 Name Constraints Read Buffer Overflow (CVE-2022-4203)\n===========================================================\n\nSeverity: Moderate\n\nA read buffer overrun can be triggered in X.509 certificate verification,\nspecifically in name constraint checking. Note that this occurs\nafter certificate chain signature verification and requires either a\nCA to have signed the malicious certificate or for the application to\ncontinue certificate verification despite failure to construct a path\nto a trusted issuer. \n\nThe read buffer overrun might result in a crash which could lead to\na denial of service attack. 
In theory it could also result in the disclosure\nof private memory contents (such as private keys, or sensitive plaintext)\nalthough we are not aware of any working exploit leading to memory\ncontents disclosure as of the time of release of this advisory. \n\nOpenSSL versions 3.0.0 to 3.0.7 are vulnerable to this issue. \n\nOpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. \n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue. \n\nThis issue was reported to OpenSSL on 3rd November 2022 by Corey Bonnell\nfrom Digicert. The fix was developed by Viktor Dukhovni. \n\nUse-after-free following BIO_new_NDEF (CVE-2023-0215)\n=====================================================\n\nSeverity: Moderate\n\nThe public API function BIO_new_NDEF is a helper function used for streaming\nASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the\nSMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by\nend user applications. \n\nThe function receives a BIO from the caller, prepends a new BIO_f_asn1 filter\nBIO onto the front of it to form a BIO chain, and then returns the new head of\nthe BIO chain to the caller. Under certain conditions, for example if a CMS\nrecipient public key is invalid, the new filter BIO is freed and the function\nreturns a NULL result indicating a failure. However, in this case, the BIO chain\nis not properly cleaned up and the BIO passed by the caller still retains\ninternal pointers to the previously freed filter BIO. If the caller then goes on\nto call BIO_pop() on the BIO then a use-after-free will occur. This will most\nlikely result in a crash. \n\nThis scenario occurs directly in the internal function B64_write_ASN1() which\nmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on\nthe BIO. 
This internal function is in turn called by the public API functions\nPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,\nSMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. \n\nOther public API functions that may be impacted by this include\ni2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and\ni2d_PKCS7_bio_stream. \n\nThe OpenSSL cms and smime command line applications are similarly affected. \n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue. \n\nOpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. \nOpenSSL 1.1.1 users should upgrade to OpenSSL 1.1.1t. \nOpenSSL 1.0.2 users should upgrade to OpenSSL 1.0.2zg (premium support customers\nonly). \n\nThis issue was reported on 29th November 2022 by Octavio Galland and\nMarcel B\u00f6hme (Max Planck Institute for Security and Privacy). The fix was\ndeveloped by Viktor Dukhovni and Matt Caswell. \n\nDouble free after calling PEM_read_bio_ex (CVE-2022-4450)\n=========================================================\n\nSeverity: Moderate\n\nThe function PEM_read_bio_ex() reads a PEM file from a BIO and parses and\ndecodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data. \nIf the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are\npopulated with pointers to buffers containing the relevant decoded data. The\ncaller is responsible for freeing those buffers. It is possible to construct a\nPEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()\nwill return a failure code but will populate the header argument with a pointer\nto a buffer that has already been freed. If the caller also frees this buffer\nthen a double free will occur. This will most likely lead to a crash. This\ncould be exploited by an attacker who has the ability to supply malicious PEM\nfiles for parsing to achieve a denial of service attack. 
\n\nThe functions PEM_read_bio() and PEM_read() are simple wrappers around\nPEM_read_bio_ex() and therefore these functions are also directly affected. \n\nThese functions are also called indirectly by a number of other OpenSSL\nfunctions including PEM_X509_INFO_read_bio_ex() and\nSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal\nuses of these functions are not vulnerable because the caller does not free the\nheader argument if PEM_read_bio_ex() returns a failure code. These locations\ninclude the PEM_read_bio_TYPE() functions as well as the decoders introduced in\nOpenSSL 3.0. \n\nThe OpenSSL asn1parse command line application is also impacted by this issue. \n\nOpenSSL 3.0 and 1.1.1 are vulnerable to this issue. \n\nOpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. \nOpenSSL 1.1.1 users should upgrade to OpenSSL 1.1.1t. \n\nOpenSSL 1.0.2 is not affected by this issue. \n\nThis issue was discovered by CarpetFuzz and reported on 8th December 2022 by\nDawei Wang. The fix was developed by Kurt Roeckx and Matt Caswell. \n\nInvalid pointer dereference in d2i_PKCS7 functions (CVE-2023-0216)\n==================================================================\n\nSeverity: Moderate\n\nAn invalid pointer dereference on read can be triggered when an\napplication tries to load malformed PKCS7 data with the\nd2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. \n\nThe result of the dereference is an application crash which could\nlead to a denial of service attack. The TLS implementation in OpenSSL\ndoes not call this function however third party applications might\ncall these functions on untrusted data. \n\nOpenSSL versions 3.0.0 to 3.0.7 are vulnerable to this issue. \n\nOpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. \n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue. \n\nThis issue was reported on 27th December 2022 by Marc Sch\u00f6nefeld. \nThe fix was developed by Tomas Mraz. 
\n\nNULL dereference validating DSA public key (CVE-2023-0217)\n==========================================================\n\nSeverity: Moderate\n\nAn invalid pointer dereference on read can be triggered when an\napplication tries to check a malformed DSA public key by the\nEVP_PKEY_public_check() function. This will most likely lead\nto an application crash. This function can be called on public\nkeys supplied from untrusted sources which could allow an attacker\nto cause a denial of service attack. \n\nThe TLS implementation in OpenSSL does not call this function\nbut applications might call the function if there are additional\nsecurity requirements imposed by standards such as FIPS 140-3. \n\nOpenSSL versions 3.0.0 to 3.0.7 are vulnerable to this issue. \n\nOpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. \n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue. \n\nThis issue was reported on 27th December 2022 by Kurt Roeckx. \nThe fix was developed by Shane Lontis from Oracle. \n\nNULL dereference during PKCS7 data verification (CVE-2023-0401)\n===============================================================\n\nSeverity: Moderate\n\nA NULL pointer can be dereferenced when signatures are being\nverified on PKCS7 signed or signedAndEnveloped data. In case the hash\nalgorithm used for the signature is known to the OpenSSL library but\nthe implementation of the hash algorithm is not available the digest\ninitialization will fail. There is a missing check for the return\nvalue from the initialization function which later leads to invalid\nusage of the digest API most likely leading to a crash. \n\nThe unavailability of an algorithm can be caused by using FIPS\nenabled configuration of providers or more commonly by not loading\nthe legacy provider. \n\nPKCS7 data is processed by the SMIME library calls and also by the\ntime stamp (TS) library calls. 
The TLS implementation in OpenSSL does\nnot call these functions however third party applications would be\naffected if they call these functions to verify signatures on untrusted\ndata. \n\nOpenSSL versions 3.0.0 to 3.0.7 are vulnerable to this issue. \n\nOpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. \n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue. \n\nThis issue was reported on 13th January 2023 by Hubert Kario and\nDmitry Belyavsky (Red Hat). \nThe fix was developed by Tomas Mraz. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20230207.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/general/security-policy.html\n. \n\nThis advisory contains OpenShift Virtualization 4.12.6 images. Bugs fixed (https://bugzilla.redhat.com/):\n\n2139896 - Requested TSC frequency outside tolerance range \u0026 TSC scaling not supported\n2145146 - CDI operator is not creating PrometheusRule resource with alerts if CDI resource is incorrect\n2148383 - Migration metrics values are not sum up values from all VMIs\n2149409 - HPP mounter deployment can\u0027t mount as unprivileged\n2168489 - Overview -\u003e Migrations - The ?Bandwidth consumption? Graph display with wrong values\n2184435 - [cnv-4.12] virt-handler should not delete any pre-configured mediated devices i these are provided by an external provider\n2222191 - [cnv-4.12] manually increasing the number of virt-api pods does not work\n\n5. 
==========================================================================\nUbuntu Security Notice USN-6564-1\nJanuary 03, 2024\n\nnodejs vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Node.js. \n\nSoftware Description:\n- nodejs: An open-source, cross-platform JavaScript runtime environment. \n\nDetails:\n\nHubert Kario discovered that Node.js incorrectly handled certain inputs. If a\nuser or an automated system were tricked into opening a specially crafted input\nfile, a remote attacker could possibly use this issue to obtain sensitive\ninformation. (CVE-2022-4304)\n\nCarpetFuzz, Dawei Wang discovered that Node.js incorrectly handled certain\ninputs. If a user or an automated system were tricked into opening a specially\ncrafted input file, a remote attacker could possibly use this issue to cause a\ndenial of service. (CVE-2022-4450)\n\nOctavio Galland and Marcel B\u00f6hme discovered that Node.js incorrectly handled\ncertain inputs. If a user or an automated system were tricked into opening a\nspecially crafted input file, a remote attacker could possibly use this issue\nto cause a denial of service. (CVE-2023-0215)\n\nDavid Benjamin discovered that Node.js incorrectly handled certain inputs. If a\nuser or an automated system were tricked into opening a specially crafted input\nfile, a remote attacker could possibly use this issue to obtain sensitive\ninformation. (CVE-2023-0286)\n\nHubert Kario and Dmitry Belyavsky discovered that Node.js incorrectly handled\ncertain inputs. If a user or an automated system were tricked into opening a\nspecially crafted input file, a remote attacker could possibly use this issue\nto cause a denial of service. 
(CVE-2023-0401)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n   libnode-dev                     12.22.9~dfsg-1ubuntu3.3\n   libnode72                       12.22.9~dfsg-1ubuntu3.3\n   nodejs                          12.22.9~dfsg-1ubuntu3.3\n\nIn general, a standard system update will make all the necessary changes",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-4304"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003736"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-4304"
          },
          {
            "db": "PACKETSTORM",
            "id": "173547"
          },
          {
            "db": "PACKETSTORM",
            "id": "172045"
          },
          {
            "db": "PACKETSTORM",
            "id": "172084"
          },
          {
            "db": "PACKETSTORM",
            "id": "172737"
          },
          {
            "db": "PACKETSTORM",
            "id": "172734"
          },
          {
            "db": "PACKETSTORM",
            "id": "170922"
          },
          {
            "db": "PACKETSTORM",
            "id": "174517"
          },
          {
            "db": "PACKETSTORM",
            "id": "176366"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-4304",
            "trust": 3.5
          },
          {
            "db": "JVN",
            "id": "JVNVU90056839",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU91676340",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU95292697",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU91198149",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU92598492",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU99464755",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU97200253",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU99752892",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU91213144",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU98954443",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-23-075-04",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-23-143-02",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-24-046-15",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-23-222-09",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-23-255-01",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-23-166-11",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-23-320-08",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-23-194-04",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003736",
            "trust": 0.8
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-4304",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "173547",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "172045",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "172084",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "172737",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "172734",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170922",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "174517",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "176366",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-4304"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003736"
          },
          {
            "db": "PACKETSTORM",
            "id": "173547"
          },
          {
            "db": "PACKETSTORM",
            "id": "172045"
          },
          {
            "db": "PACKETSTORM",
            "id": "172084"
          },
          {
            "db": "PACKETSTORM",
            "id": "172737"
          },
          {
            "db": "PACKETSTORM",
            "id": "172734"
          },
          {
            "db": "PACKETSTORM",
            "id": "170922"
          },
          {
            "db": "PACKETSTORM",
            "id": "174517"
          },
          {
            "db": "PACKETSTORM",
            "id": "176366"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-4304"
          }
        ]
      },
      "id": "VAR-202302-0482",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.24287330499999998
      },
      "last_update_date": "2024-06-17T11:16:50.530000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "hitachi-sec-2023-135 Software product security information",
            "trust": 0.8,
            "url": "https://www.openssl.org/news/secadv/20230207.txt"
          },
          {
            "title": "Red Hat: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2022-4304"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2023-1683",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2023-1683"
          },
          {
            "title": "Debian Security Advisories: DSA-5343-1 openssl -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=b6a11b827fe9cfaea9c113b2ad37856f"
          },
          {
            "title": "Amazon Linux 2: ALAS2-2023-1935",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2023-1935"
          },
          {
            "title": "Amazon Linux 2: ALAS2-2023-1934",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2023-1934"
          },
          {
            "title": "Palo Alto Networks Security Advisory: PAN-SA-2023-0001 Impact of OpenSSL Vulnerabilities Disclosed Feb 7, 2023",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=3092389eb9f034e4b8387a75a5ae33f8"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2022-4304 "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-4304"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003736"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-203",
            "trust": 1.0
          },
          {
            "problemtype": "others (CWE-Other) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003736"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-4304"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-4304"
          },
          {
            "trust": 1.2,
            "url": "https://www.openssl.org/news/secadv/20230207.txt"
          },
          {
            "trust": 1.0,
            "url": "https://security.gentoo.org/glsa/202402-08"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu91213144/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu99752892/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu91676340/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu99464755/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu95292697/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu90056839/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97200253/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu92598492/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu98954443/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu91198149/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-075-04"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-02"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-11"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-04"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-222-09"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-255-01"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-08"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-15"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-4450"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0215"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/cve/cve-2022-4304"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2023-0215"
          },
          {
            "trust": 0.6,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-4450"
          },
          {
            "trust": 0.6,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0286"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2023-0361"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0361"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2023-0286"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23916"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2023-23916"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.2,
            "url": "https://issues.redhat.com/):"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-48303"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40897"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-10735"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-40897"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-4415"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-45061"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10735"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-4415"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-45061"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-28861"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28861"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-48303"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0401"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2022-4304"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://alas.aws.amazon.com/alas-2023-1683.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-26604"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2023-001"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:4114"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-1667"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-2283"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24736"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-24329"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-3089"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-2283"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-1667"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-24736"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-3089"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-26604"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-24329"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-40186"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:2023"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40186"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/multicluster_engine/multicluster_engine_overview#installing-while-connected-online-mce"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25881"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification#moderate"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0767"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:2061"
          },
          {
            "trust": 0.1,
            "url": "https://issues.jboss.org/):"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-0767"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25881"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:3421"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=5.7"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25147"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-23915"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-25690"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43552"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-43552"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-23914"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25690"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23914"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-20001"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25147"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:3354"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23915"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43551"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2006-20001"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-43551"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-4203"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/policies/general/security-policy.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0216"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0217"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-34969"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-38408"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-3899"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-2602"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-32681"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-29469"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-3709"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-28321"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-34969"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-29469"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-27536"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-32681"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-28321"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-28484"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-27536"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-28484"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:4982"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-2603"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-2602"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-2603"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-38408"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-6564-1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/nodejs/12.22.9~dfsg-1ubuntu3.3"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-4304"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003736"
          },
          {
            "db": "PACKETSTORM",
            "id": "173547"
          },
          {
            "db": "PACKETSTORM",
            "id": "172045"
          },
          {
            "db": "PACKETSTORM",
            "id": "172084"
          },
          {
            "db": "PACKETSTORM",
            "id": "172737"
          },
          {
            "db": "PACKETSTORM",
            "id": "172734"
          },
          {
            "db": "PACKETSTORM",
            "id": "170922"
          },
          {
            "db": "PACKETSTORM",
            "id": "174517"
          },
          {
            "db": "PACKETSTORM",
            "id": "176366"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-4304"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2022-4304"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003736"
          },
          {
            "db": "PACKETSTORM",
            "id": "173547"
          },
          {
            "db": "PACKETSTORM",
            "id": "172045"
          },
          {
            "db": "PACKETSTORM",
            "id": "172084"
          },
          {
            "db": "PACKETSTORM",
            "id": "172737"
          },
          {
            "db": "PACKETSTORM",
            "id": "172734"
          },
          {
            "db": "PACKETSTORM",
            "id": "170922"
          },
          {
            "db": "PACKETSTORM",
            "id": "174517"
          },
          {
            "db": "PACKETSTORM",
            "id": "176366"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-4304"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-02-08T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-4304"
          },
          {
            "date": "2023-03-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003736"
          },
          {
            "date": "2023-07-18T13:35:08",
            "db": "PACKETSTORM",
            "id": "173547"
          },
          {
            "date": "2023-04-26T15:28:12",
            "db": "PACKETSTORM",
            "id": "172045"
          },
          {
            "date": "2023-05-02T15:33:51",
            "db": "PACKETSTORM",
            "id": "172084"
          },
          {
            "date": "2023-06-06T16:32:27",
            "db": "PACKETSTORM",
            "id": "172737"
          },
          {
            "date": "2023-06-06T16:30:34",
            "db": "PACKETSTORM",
            "id": "172734"
          },
          {
            "date": "2023-02-07T12:12:12",
            "db": "PACKETSTORM",
            "id": "170922"
          },
          {
            "date": "2023-09-06T16:39:54",
            "db": "PACKETSTORM",
            "id": "174517"
          },
          {
            "date": "2024-01-03T14:50:24",
            "db": "PACKETSTORM",
            "id": "176366"
          },
          {
            "date": "2023-02-08T20:15:23.887000",
            "db": "NVD",
            "id": "CVE-2022-4304"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-02-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-4304"
          },
          {
            "date": "2024-03-14T03:32:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003736"
          },
          {
            "date": "2024-02-04T09:15:08.627000",
            "db": "NVD",
            "id": "CVE-2022-4304"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "176366"
          }
        ],
        "trust": 0.1
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL\u00a0 side-channel vulnerabilities in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003736"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "overflow",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "170922"
          }
        ],
        "trust": 0.1
      }
    }