cvelistv5 - CVE-2018-1070

CVE-2018-1070

Vulnerability from cvelistv5

Published

2018-06-12 13:00

Modified

2024-08-05 03:51

Severity ?

6.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Summary

routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard.

References

URL	Tags
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2018:2013	Third Party Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1070	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:2013	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1070	Issue Tracking

Impacted products

Vendor

Product

Version

▼

[UNKNOWN]

routing

Version: Routing 3.10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:51:47.334Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:2013",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2013"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1070"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "routing",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "Routing 3.10"
            }
          ]
        }
      ],
      "datePublic": "2018-04-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-28T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2018:2013",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2013"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1070"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2018-1070",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "routing",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Routing 3.10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "[UNKNOWN]"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "6.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:2013",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2013"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1070",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1070"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-1070",
    "datePublished": "2018-06-12T13:00:00",
    "dateReserved": "2017-12-04T00:00:00",
    "dateUpdated": "2024-08-05T03:51:47.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.10\", \"matchCriteriaId\": \"6DA472B6-F9D0-4F01-977E-EEAF19C292D3\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard.\"}, {\"lang\": \"es\", \"value\": \"routing en versiones anteriores a la 3.10 es vulnerable a una validaci\\u00f3n de entradas incorrecta de la configuraci\\u00f3n de Openshift Routing que puede permitir que una partici\\u00f3n entera se caiga. Un usuario malicioso puede emplear esta vulnerabilidad para provocar un ataque de denegaci\\u00f3n de servicio (DoS) para otros usuarios de la partici\\u00f3n del router.\"}]",
      "id": "CVE-2018-1070",
      "lastModified": "2024-11-21T03:59:07.020",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.0, \"impactScore\": 4.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-06-12T13:29:00.300",
      "references": "[{\"url\": \"https://access.redhat.com/errata/RHSA-2018:2013\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1070\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2013\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1070\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-1070\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2018-06-12T13:29:00.300\",\"lastModified\":\"2024-11-21T03:59:07.020\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard.\"},{\"lang\":\"es\",\"value\":\"routing en versiones anteriores a la 3.10 es vulnerable a una validaci\u00f3n de entradas incorrecta de la configuraci\u00f3n de Openshift Routing que puede permitir que una partici\u00f3n entera se caiga. Un usuario malicioso puede emplear esta vulnerabilidad para provocar un ataque de denegaci\u00f3n de servicio (DoS) para otros usuarios de la partici\u00f3n del router.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.10\",\"matchCriteriaId\":\"6DA472B6-F9D0-4F01-977E-EEAF19C292D3\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2013\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1070\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2013\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1070\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]}]}}"
  }
}

ghsa-mfw5-7x4h-m4v5

Vulnerability from github

Published

2022-05-13 01:33

Modified

2022-05-13 01:33

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-1070"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-12T13:29:00Z",
    "severity": "HIGH"
  },
  "details": "routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard.",
  "id": "GHSA-mfw5-7x4h-m4v5",
  "modified": "2022-05-13T01:33:34Z",
  "published": "2022-05-13T01:33:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1070"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2013"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1070"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2018-1070

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2018-1070

Aliases

CVE-2018-1070

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-1070",
    "description": "routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard.",
    "id": "GSD-2018-1070",
    "references": [
      "https://access.redhat.com/errata/RHSA-2018:2013"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-1070"
      ],
      "details": "routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard.",
      "id": "GSD-2018-1070",
      "modified": "2023-12-13T01:22:37.324867Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2018-1070",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "routing",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Routing 3.10"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "[UNKNOWN]"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard."
          }
        ]
      },
      "impact": {
        "cvss": [
          [
            {
              "vectorString": "6.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
              "version": "3.0"
            }
          ]
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-20"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "RHSA-2018:2013",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:2013"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1070",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1070"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.10",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2018-1070"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1070",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1070"
            },
            {
              "name": "RHSA-2018:2013",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2013"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-09T23:38Z",
      "publishedDate": "2018-06-12T13:29Z"
    }
  }
}

rhsa-2018:2013

Vulnerability from csaf_redhat

Published

2018-06-27 18:01

Modified

2024-11-22 12:05

Summary

Red Hat Security Advisory: OpenShift Container Platform 3.9 security, bug fix, and enhancement update

Notes

Topic

Red Hat OpenShift Container Platform release 3.9.31 is now available with updates to packages and images that address security issues, fix several bugs, and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.9.31. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHBA-2018:2014 Security Fix(es): * routing: Malicious Service configuration can bring down routing for an entire shard (CVE-2018-1070) * openshift-ansible: Incorrectly quoted values in etcd.conf causes disabling of SSL client certificate authentication (CVE-2018-1085) * source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code (CVE-2018-10843) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank David Hocky (Comcast) for reporting CVE-2018-1085. The CVE-2018-1070 issue was discovered by Mark Chappell (Red Hat) and the CVE-2018-10843 issue was discovered by Jeremy Choi (Red Hat). Space precludes documenting all of the bug fixes and enhancements in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html All OpenShift Container Platform 3.9 users are advised to upgrade to these updated packages and images.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat OpenShift Container Platform release 3.9.31 is now available with updates to packages and images that address security issues, fix several bugs, and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Container Platform is the company\u0027s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.9.31. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:2014\n\nSecurity Fix(es):\n\n* routing: Malicious Service configuration can bring down routing for an entire shard (CVE-2018-1070)\n\n* openshift-ansible: Incorrectly quoted values in etcd.conf causes disabling of SSL client certificate authentication (CVE-2018-1085)\n\n* source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code (CVE-2018-10843)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank David Hocky (Comcast) for reporting CVE-2018-1085. The CVE-2018-1070 issue was discovered by Mark Chappell (Red Hat) and the CVE-2018-10843 issue was discovered by Jeremy Choi (Red Hat).\n\nSpace precludes documenting all of the bug fixes and enhancements in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nAll OpenShift Container Platform 3.9 users are advised to upgrade to these updated packages and images.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:2013",
        "url": "https://access.redhat.com/errata/RHSA-2018:2013"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html",
        "url": "https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html"
      },
      {
        "category": "external",
        "summary": "1466390",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466390"
      },
      {
        "category": "external",
        "summary": "1498398",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1498398"
      },
      {
        "category": "external",
        "summary": "1506175",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506175"
      },
      {
        "category": "external",
        "summary": "1507429",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1507429"
      },
      {
        "category": "external",
        "summary": "1512042",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1512042"
      },
      {
        "category": "external",
        "summary": "1525642",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525642"
      },
      {
        "category": "external",
        "summary": "1529575",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1529575"
      },
      {
        "category": "external",
        "summary": "1531096",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531096"
      },
      {
        "category": "external",
        "summary": "1534311",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534311"
      },
      {
        "category": "external",
        "summary": "1534894",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534894"
      },
      {
        "category": "external",
        "summary": "1537872",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1537872"
      },
      {
        "category": "external",
        "summary": "1538215",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538215"
      },
      {
        "category": "external",
        "summary": "1539252",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539252"
      },
      {
        "category": "external",
        "summary": "1539310",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539310"
      },
      {
        "category": "external",
        "summary": "1539529",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539529"
      },
      {
        "category": "external",
        "summary": "1539757",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539757"
      },
      {
        "category": "external",
        "summary": "1540819",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1540819"
      },
      {
        "category": "external",
        "summary": "1541212",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1541212"
      },
      {
        "category": "external",
        "summary": "1541350",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1541350"
      },
      {
        "category": "external",
        "summary": "1542387",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542387"
      },
      {
        "category": "external",
        "summary": "1542460",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542460"
      },
      {
        "category": "external",
        "summary": "1546097",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546097"
      },
      {
        "category": "external",
        "summary": "1546324",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546324"
      },
      {
        "category": "external",
        "summary": "1546936",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546936"
      },
      {
        "category": "external",
        "summary": "1548677",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548677"
      },
      {
        "category": "external",
        "summary": "1549060",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549060"
      },
      {
        "category": "external",
        "summary": "1549454",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549454"
      },
      {
        "category": "external",
        "summary": "1550193",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550193"
      },
      {
        "category": "external",
        "summary": "1550316",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550316"
      },
      {
        "category": "external",
        "summary": "1550385",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550385"
      },
      {
        "category": "external",
        "summary": "1550591",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550591"
      },
      {
        "category": "external",
        "summary": "1553012",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553012"
      },
      {
        "category": "external",
        "summary": "1553035",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553035"
      },
      {
        "category": "external",
        "summary": "1553294",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553294"
      },
      {
        "category": "external",
        "summary": "1554141",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554141"
      },
      {
        "category": "external",
        "summary": "1554145",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554145"
      },
      {
        "category": "external",
        "summary": "1554239",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554239"
      },
      {
        "category": "external",
        "summary": "1557040",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557040"
      },
      {
        "category": "external",
        "summary": "1557822",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557822"
      },
      {
        "category": "external",
        "summary": "1558183",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558183"
      },
      {
        "category": "external",
        "summary": "1558997",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558997"
      },
      {
        "category": "external",
        "summary": "1560311",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560311"
      },
      {
        "category": "external",
        "summary": "1563150",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563150"
      },
      {
        "category": "external",
        "summary": "1563673",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563673"
      },
      {
        "category": "external",
        "summary": "1566238",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566238"
      },
      {
        "category": "external",
        "summary": "1568815",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568815"
      },
      {
        "category": "external",
        "summary": "1569030",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1569030"
      },
      {
        "category": "external",
        "summary": "1570065",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570065"
      },
      {
        "category": "external",
        "summary": "1570581",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570581"
      },
      {
        "category": "external",
        "summary": "1571601",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571601"
      },
      {
        "category": "external",
        "summary": "1571944",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571944"
      },
      {
        "category": "external",
        "summary": "1572786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572786"
      },
      {
        "category": "external",
        "summary": "1579096",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579096"
      },
      {
        "category": "external",
        "summary": "1580538",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1580538"
      },
      {
        "category": "external",
        "summary": "1583895",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1583895"
      },
      {
        "category": "external",
        "summary": "1585243",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1585243"
      },
      {
        "category": "external",
        "summary": "1586076",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1586076"
      },
      {
        "category": "external",
        "summary": "1588009",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588009"
      },
      {
        "category": "external",
        "summary": "1588768",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588768"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2013.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Container Platform 3.9 security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2024-11-22T12:05:42+00:00",
      "generator": {
        "date": "2024-11-22T12:05:42+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2018:2013",
      "initial_release_date": "2018-06-27T18:01:43+00:00",
      "revision_history": [
        {
          "date": "2018-06-27T18:01:43+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-06-27T18:01:43+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T12:05:42+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 3.9",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 3.9",
                  "product_id": "7Server-RH7-RHOSE-3.9",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:3.9::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
                  "product_id": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.9.31-1.git.246.bded6a4.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-pod@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-cluster-capacity@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-service-catalog@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-master@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-federation-services@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-tests@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-clients@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
                  "product_id": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.9.13-1.git.167.5d6b0d4.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
                  "product_id": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.9.13-1.git.267.bb59a3f.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64",
                "product": {
                  "name": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64",
                  "product_id": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/prometheus-node-exporter@3.9.31-1.git.890.a55de06.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
                  "product_id": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.9.31-1.git.351.1bd46ed.el7?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
                "product": {
                  "name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
                  "product_id": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.9.31-1.git.246.bded6a4.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
                "product": {
                  "name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
                  "product_id": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift@3.9.31-1.git.0.ef9737b.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
                "product": {
                  "name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
                  "product_id": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.9.13-1.git.167.5d6b0d4.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
                "product": {
                  "name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
                  "product_id": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@3.9.31-1.git.34.154617d.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
                "product": {
                  "name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
                  "product_id": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.9.13-1.git.267.bb59a3f.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mysql-apb-role-0:1.1.11-1.el7.src",
                "product": {
                  "name": "mysql-apb-role-0:1.1.11-1.el7.src",
                  "product_id": "mysql-apb-role-0:1.1.11-1.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mysql-apb-role@1.1.11-1.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
                "product": {
                  "name": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
                  "product_id": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.9.31-1.git.890.a55de06.el7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
                "product": {
                  "name": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
                  "product_id": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.9.31-1.git.0.ef9737b.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
                "product": {
                  "name": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
                  "product_id": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.9.31-1.git.0.ef9737b.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
                "product": {
                  "name": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_id": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-utils@3.9.31-1.git.34.154617d.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
                "product": {
                  "name": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_id": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-playbooks@3.9.31-1.git.34.154617d.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
                "product": {
                  "name": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_id": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-roles@3.9.31-1.git.34.154617d.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
                "product": {
                  "name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_id": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@3.9.31-1.git.34.154617d.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
                "product": {
                  "name": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_id": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-docs@3.9.31-1.git.34.154617d.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mysql-apb-role-0:1.1.11-1.el7.noarch",
                "product": {
                  "name": "mysql-apb-role-0:1.1.11-1.el7.noarch",
                  "product_id": "mysql-apb-role-0:1.1.11-1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mysql-apb-role@1.1.11-1.el7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src"
        },
        "product_reference": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src"
        },
        "product_reference": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64"
        },
        "product_reference": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch"
        },
        "product_reference": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64"
        },
        "product_reference": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch"
        },
        "product_reference": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src"
        },
        "product_reference": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64"
        },
        "product_reference": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch"
        },
        "product_reference": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src"
        },
        "product_reference": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64"
        },
        "product_reference": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src"
        },
        "product_reference": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mysql-apb-role-0:1.1.11-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch"
        },
        "product_reference": "mysql-apb-role-0:1.1.11-1.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mysql-apb-role-0:1.1.11-1.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src"
        },
        "product_reference": "mysql-apb-role-0:1.1.11-1.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch"
        },
        "product_reference": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src"
        },
        "product_reference": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch"
        },
        "product_reference": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch"
        },
        "product_reference": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch"
        },
        "product_reference": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
        },
        "product_reference": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Mark Chappell"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2018-1070",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2017-10-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1553035"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Improper input validation of the Openshift Routing configuration can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Routing: Malicous Service configuration can bring down routing for an entire shard.",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
          "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
          "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-1070"
        },
        {
          "category": "external",
          "summary": "RHBZ#1553035",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553035"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1070",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-1070"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1070",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1070"
        }
      ],
      "release_date": "2018-04-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-06-27T18:01:43+00:00",
          "details": "For OpenShift Container Platform 3.9 see the following documentation, which will be updated shortly for release 3.9.31, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:2013"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Routing: Malicous Service configuration can bring down routing for an entire shard."
    },
    {
      "acknowledgments": [
        {
          "names": [
            "David Hocky"
          ],
          "organization": "Comcast"
        }
      ],
      "cve": "CVE-2018-1085",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "discovery_date": "2018-03-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1557822"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenShift and Atomic Enterprise Ansible deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH in etcd.conf result in etcd being configured to allow remote users to connect without any authentication if they can access the etcd server bound to the network on the master nodes. An attacker could use this flaw to read and modify all the data about the Openshift cluster in the etcd datastore, potentially adding another compute node, or bringing down the entire cluster.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openshift-ansible: Incorrectly quoted values in etcd.conf causes disabling of SSL client certificate authentication",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue affects Openshift Container Platform (OCP) only if you use the container installation method. The container installation method is tech preview in 3.7.1. This issue affected all users who did a containerized etcd in OCP versions 3.7.1-3.6.\n\nIf etcd is installed via RPM and run via \u0027/usr/bin/etcd\u0027 it\u0027s not affected by this flaw. You can check if etcd is being run from \u0027/usr//bin/etcd\u0027 using a \u0027ps\u0027 command such as this on the master nodes. If Installed via RPM you should get output similar to:\n\nps -ef | grep etcd\n$/usr/bin/etcd --name=master-0.example.com --data-dir=/var/lib/etcd/ --listen-client-urls=https://10.0.1.1:2379\n\nIf etcd is installed via the container method running \u0027docker ps\u0027 on the master will show a container running the registry.access.redhat.com/rhel7/etcd image, eg:\n\nsudo docker ps --filter name=etcd_container\n$704effa9b0cc        registry.access.redhat.com/rhel7/etcd   \"/usr/bin/etcd\"     56 minutes ago      Up 56 minutes                           etcd_container",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
          "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
          "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-1085"
        },
        {
          "category": "external",
          "summary": "RHBZ#1557822",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557822"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1085",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-1085"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1085",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1085"
        }
      ],
      "release_date": "2018-03-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-06-27T18:01:43+00:00",
          "details": "For OpenShift Container Platform 3.9 see the following documentation, which will be updated shortly for release 3.9.31, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:2013"
        },
        {
          "category": "workaround",
          "details": "On master nodes where etcd has been installed using the container method:\n\n0. Verify you can connect to etcd without providing TLS authentication credentials. On any master node, check the ETCD_LISTEN_CLIENT_URLS in /etc/etcd/etcd.conf, and use one of the client urls to connect without providing a certificate, eg:\n   curl -4 curl https://10.0.1.1:2379/version -k\n\n0a. If vulnerable output will show something like this:\n   {\"etcdserver\":\"3.2.15\",\"etcdcluster\":\"3.2.0\"}\n\n0b. If not affected the connection will fail with:\n    curl: (58) NSS: client certificate not found (nickname not specified)\n\n1. update /etc/etcd/etcd.conf on the master nodes to remove quotes from these fields:\n   ETCD_PEER_CLIENT_CERT_AUTH=\"true\"\n   ETCD_CLIENT_CERT_AUTH=\"true\"\neg.\n   ETCD_PEER_CLIENT_CERT_AUTH=true\n   ETCD_CLIENT_CERT_AUTH=true\n\n2. Restart the etcd container service:\n   sudo systemctl restart etcd_container\n\n3. Test if client authentication is now required using the steps from 0. above.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "openshift-ansible: Incorrectly quoted values in etcd.conf causes disabling of SSL client certificate authentication"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jeremy Choi"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2018-10843",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2018-05-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1579096"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A privilege escalation flaw was found in the source-to-image component of Openshift Container Platform which allows the assemble script to run as the root user in a non-privileged container.  An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
          "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
          "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-10843"
        },
        {
          "category": "external",
          "summary": "RHBZ#1579096",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579096"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10843",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-10843"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10843",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10843"
        }
      ],
      "release_date": "2018-05-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-06-27T18:01:43+00:00",
          "details": "For OpenShift Container Platform 3.9 see the following documentation, which will be updated shortly for release 3.9.31, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:2013"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code"
    }
  ]
}

RHSA-2018:2013

Vulnerability from csaf_redhat

Published

2018-06-27 18:01

Modified

2024-11-22 12:05

Summary

Red Hat Security Advisory: OpenShift Container Platform 3.9 security, bug fix, and enhancement update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat OpenShift Container Platform release 3.9.31 is now available with updates to packages and images that address security issues, fix several bugs, and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Container Platform is the company\u0027s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.9.31. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:2014\n\nSecurity Fix(es):\n\n* routing: Malicious Service configuration can bring down routing for an entire shard (CVE-2018-1070)\n\n* openshift-ansible: Incorrectly quoted values in etcd.conf causes disabling of SSL client certificate authentication (CVE-2018-1085)\n\n* source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code (CVE-2018-10843)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank David Hocky (Comcast) for reporting CVE-2018-1085. The CVE-2018-1070 issue was discovered by Mark Chappell (Red Hat) and the CVE-2018-10843 issue was discovered by Jeremy Choi (Red Hat).\n\nSpace precludes documenting all of the bug fixes and enhancements in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nAll OpenShift Container Platform 3.9 users are advised to upgrade to these updated packages and images.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:2013",
        "url": "https://access.redhat.com/errata/RHSA-2018:2013"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html",
        "url": "https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html"
      },
      {
        "category": "external",
        "summary": "1466390",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466390"
      },
      {
        "category": "external",
        "summary": "1498398",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1498398"
      },
      {
        "category": "external",
        "summary": "1506175",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506175"
      },
      {
        "category": "external",
        "summary": "1507429",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1507429"
      },
      {
        "category": "external",
        "summary": "1512042",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1512042"
      },
      {
        "category": "external",
        "summary": "1525642",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525642"
      },
      {
        "category": "external",
        "summary": "1529575",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1529575"
      },
      {
        "category": "external",
        "summary": "1531096",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531096"
      },
      {
        "category": "external",
        "summary": "1534311",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534311"
      },
      {
        "category": "external",
        "summary": "1534894",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534894"
      },
      {
        "category": "external",
        "summary": "1537872",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1537872"
      },
      {
        "category": "external",
        "summary": "1538215",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538215"
      },
      {
        "category": "external",
        "summary": "1539252",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539252"
      },
      {
        "category": "external",
        "summary": "1539310",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539310"
      },
      {
        "category": "external",
        "summary": "1539529",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539529"
      },
      {
        "category": "external",
        "summary": "1539757",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539757"
      },
      {
        "category": "external",
        "summary": "1540819",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1540819"
      },
      {
        "category": "external",
        "summary": "1541212",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1541212"
      },
      {
        "category": "external",
        "summary": "1541350",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1541350"
      },
      {
        "category": "external",
        "summary": "1542387",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542387"
      },
      {
        "category": "external",
        "summary": "1542460",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542460"
      },
      {
        "category": "external",
        "summary": "1546097",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546097"
      },
      {
        "category": "external",
        "summary": "1546324",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546324"
      },
      {
        "category": "external",
        "summary": "1546936",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546936"
      },
      {
        "category": "external",
        "summary": "1548677",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548677"
      },
      {
        "category": "external",
        "summary": "1549060",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549060"
      },
      {
        "category": "external",
        "summary": "1549454",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549454"
      },
      {
        "category": "external",
        "summary": "1550193",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550193"
      },
      {
        "category": "external",
        "summary": "1550316",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550316"
      },
      {
        "category": "external",
        "summary": "1550385",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550385"
      },
      {
        "category": "external",
        "summary": "1550591",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550591"
      },
      {
        "category": "external",
        "summary": "1553012",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553012"
      },
      {
        "category": "external",
        "summary": "1553035",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553035"
      },
      {
        "category": "external",
        "summary": "1553294",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553294"
      },
      {
        "category": "external",
        "summary": "1554141",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554141"
      },
      {
        "category": "external",
        "summary": "1554145",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554145"
      },
      {
        "category": "external",
        "summary": "1554239",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554239"
      },
      {
        "category": "external",
        "summary": "1557040",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557040"
      },
      {
        "category": "external",
        "summary": "1557822",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557822"
      },
      {
        "category": "external",
        "summary": "1558183",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558183"
      },
      {
        "category": "external",
        "summary": "1558997",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558997"
      },
      {
        "category": "external",
        "summary": "1560311",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560311"
      },
      {
        "category": "external",
        "summary": "1563150",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563150"
      },
      {
        "category": "external",
        "summary": "1563673",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563673"
      },
      {
        "category": "external",
        "summary": "1566238",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566238"
      },
      {
        "category": "external",
        "summary": "1568815",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568815"
      },
      {
        "category": "external",
        "summary": "1569030",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1569030"
      },
      {
        "category": "external",
        "summary": "1570065",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570065"
      },
      {
        "category": "external",
        "summary": "1570581",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570581"
      },
      {
        "category": "external",
        "summary": "1571601",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571601"
      },
      {
        "category": "external",
        "summary": "1571944",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571944"
      },
      {
        "category": "external",
        "summary": "1572786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572786"
      },
      {
        "category": "external",
        "summary": "1579096",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579096"
      },
      {
        "category": "external",
        "summary": "1580538",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1580538"
      },
      {
        "category": "external",
        "summary": "1583895",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1583895"
      },
      {
        "category": "external",
        "summary": "1585243",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1585243"
      },
      {
        "category": "external",
        "summary": "1586076",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1586076"
      },
      {
        "category": "external",
        "summary": "1588009",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588009"
      },
      {
        "category": "external",
        "summary": "1588768",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588768"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2013.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Container Platform 3.9 security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2024-11-22T12:05:42+00:00",
      "generator": {
        "date": "2024-11-22T12:05:42+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2018:2013",
      "initial_release_date": "2018-06-27T18:01:43+00:00",
      "revision_history": [
        {
          "date": "2018-06-27T18:01:43+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-06-27T18:01:43+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T12:05:42+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 3.9",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 3.9",
                  "product_id": "7Server-RH7-RHOSE-3.9",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:3.9::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
                  "product_id": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.9.31-1.git.246.bded6a4.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-pod@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-cluster-capacity@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-service-catalog@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-master@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-federation-services@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-tests@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-clients@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
                  "product_id": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.9.13-1.git.167.5d6b0d4.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
                  "product_id": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.9.13-1.git.267.bb59a3f.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64",
                "product": {
                  "name": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64",
                  "product_id": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/prometheus-node-exporter@3.9.31-1.git.890.a55de06.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
                  "product_id": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.9.31-1.git.351.1bd46ed.el7?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
                "product": {
                  "name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
                  "product_id": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.9.31-1.git.246.bded6a4.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
                "product": {
                  "name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
                  "product_id": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift@3.9.31-1.git.0.ef9737b.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
                "product": {
                  "name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
                  "product_id": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.9.13-1.git.167.5d6b0d4.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
                "product": {
                  "name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
                  "product_id": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@3.9.31-1.git.34.154617d.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
                "product": {
                  "name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
                  "product_id": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.9.13-1.git.267.bb59a3f.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mysql-apb-role-0:1.1.11-1.el7.src",
                "product": {
                  "name": "mysql-apb-role-0:1.1.11-1.el7.src",
                  "product_id": "mysql-apb-role-0:1.1.11-1.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mysql-apb-role@1.1.11-1.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
                "product": {
                  "name": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
                  "product_id": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.9.31-1.git.890.a55de06.el7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
                "product": {
                  "name": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
                  "product_id": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.9.31-1.git.0.ef9737b.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
                "product": {
                  "name": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
                  "product_id": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.9.31-1.git.0.ef9737b.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
                "product": {
                  "name": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_id": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-utils@3.9.31-1.git.34.154617d.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
                "product": {
                  "name": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_id": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-playbooks@3.9.31-1.git.34.154617d.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
                "product": {
                  "name": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_id": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-roles@3.9.31-1.git.34.154617d.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
                "product": {
                  "name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_id": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@3.9.31-1.git.34.154617d.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
                "product": {
                  "name": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_id": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-docs@3.9.31-1.git.34.154617d.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mysql-apb-role-0:1.1.11-1.el7.noarch",
                "product": {
                  "name": "mysql-apb-role-0:1.1.11-1.el7.noarch",
                  "product_id": "mysql-apb-role-0:1.1.11-1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mysql-apb-role@1.1.11-1.el7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src"
        },
        "product_reference": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src"
        },
        "product_reference": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64"
        },
        "product_reference": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch"
        },
        "product_reference": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64"
        },
        "product_reference": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch"
        },
        "product_reference": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src"
        },
        "product_reference": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64"
        },
        "product_reference": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch"
        },
        "product_reference": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src"
        },
        "product_reference": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64"
        },
        "product_reference": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src"
        },
        "product_reference": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mysql-apb-role-0:1.1.11-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch"
        },
        "product_reference": "mysql-apb-role-0:1.1.11-1.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mysql-apb-role-0:1.1.11-1.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src"
        },
        "product_reference": "mysql-apb-role-0:1.1.11-1.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch"
        },
        "product_reference": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src"
        },
        "product_reference": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch"
        },
        "product_reference": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch"
        },
        "product_reference": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch"
        },
        "product_reference": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
        },
        "product_reference": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Mark Chappell"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2018-1070",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2017-10-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1553035"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Improper input validation of the Openshift Routing configuration can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Routing: Malicous Service configuration can bring down routing for an entire shard.",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
          "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
          "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-1070"
        },
        {
          "category": "external",
          "summary": "RHBZ#1553035",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553035"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1070",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-1070"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1070",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1070"
        }
      ],
      "release_date": "2018-04-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-06-27T18:01:43+00:00",
          "details": "For OpenShift Container Platform 3.9 see the following documentation, which will be updated shortly for release 3.9.31, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:2013"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Routing: Malicous Service configuration can bring down routing for an entire shard."
    },
    {
      "acknowledgments": [
        {
          "names": [
            "David Hocky"
          ],
          "organization": "Comcast"
        }
      ],
      "cve": "CVE-2018-1085",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "discovery_date": "2018-03-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1557822"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenShift and Atomic Enterprise Ansible deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH in etcd.conf result in etcd being configured to allow remote users to connect without any authentication if they can access the etcd server bound to the network on the master nodes. An attacker could use this flaw to read and modify all the data about the Openshift cluster in the etcd datastore, potentially adding another compute node, or bringing down the entire cluster.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openshift-ansible: Incorrectly quoted values in etcd.conf causes disabling of SSL client certificate authentication",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue affects Openshift Container Platform (OCP) only if you use the container installation method. The container installation method is tech preview in 3.7.1. This issue affected all users who did a containerized etcd in OCP versions 3.7.1-3.6.\n\nIf etcd is installed via RPM and run via \u0027/usr/bin/etcd\u0027 it\u0027s not affected by this flaw. You can check if etcd is being run from \u0027/usr//bin/etcd\u0027 using a \u0027ps\u0027 command such as this on the master nodes. If Installed via RPM you should get output similar to:\n\nps -ef | grep etcd\n$/usr/bin/etcd --name=master-0.example.com --data-dir=/var/lib/etcd/ --listen-client-urls=https://10.0.1.1:2379\n\nIf etcd is installed via the container method running \u0027docker ps\u0027 on the master will show a container running the registry.access.redhat.com/rhel7/etcd image, eg:\n\nsudo docker ps --filter name=etcd_container\n$704effa9b0cc        registry.access.redhat.com/rhel7/etcd   \"/usr/bin/etcd\"     56 minutes ago      Up 56 minutes                           etcd_container",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
          "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
          "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-1085"
        },
        {
          "category": "external",
          "summary": "RHBZ#1557822",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557822"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1085",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-1085"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1085",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1085"
        }
      ],
      "release_date": "2018-03-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-06-27T18:01:43+00:00",
          "details": "For OpenShift Container Platform 3.9 see the following documentation, which will be updated shortly for release 3.9.31, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:2013"
        },
        {
          "category": "workaround",
          "details": "On master nodes where etcd has been installed using the container method:\n\n0. Verify you can connect to etcd without providing TLS authentication credentials. On any master node, check the ETCD_LISTEN_CLIENT_URLS in /etc/etcd/etcd.conf, and use one of the client urls to connect without providing a certificate, eg:\n   curl -4 curl https://10.0.1.1:2379/version -k\n\n0a. If vulnerable output will show something like this:\n   {\"etcdserver\":\"3.2.15\",\"etcdcluster\":\"3.2.0\"}\n\n0b. If not affected the connection will fail with:\n    curl: (58) NSS: client certificate not found (nickname not specified)\n\n1. update /etc/etcd/etcd.conf on the master nodes to remove quotes from these fields:\n   ETCD_PEER_CLIENT_CERT_AUTH=\"true\"\n   ETCD_CLIENT_CERT_AUTH=\"true\"\neg.\n   ETCD_PEER_CLIENT_CERT_AUTH=true\n   ETCD_CLIENT_CERT_AUTH=true\n\n2. Restart the etcd container service:\n   sudo systemctl restart etcd_container\n\n3. Test if client authentication is now required using the steps from 0. above.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "openshift-ansible: Incorrectly quoted values in etcd.conf causes disabling of SSL client certificate authentication"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jeremy Choi"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2018-10843",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2018-05-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1579096"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A privilege escalation flaw was found in the source-to-image component of Openshift Container Platform which allows the assemble script to run as the root user in a non-privileged container.  An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
          "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
          "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-10843"
        },
        {
          "category": "external",
          "summary": "RHBZ#1579096",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579096"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10843",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-10843"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10843",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10843"
        }
      ],
      "release_date": "2018-05-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-06-27T18:01:43+00:00",
          "details": "For OpenShift Container Platform 3.9 see the following documentation, which will be updated shortly for release 3.9.31, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:2013"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code"
    }
  ]
}

rhsa-2018_2013

Vulnerability from csaf_redhat

Published

2018-06-27 18:01

Modified

2024-11-22 12:05

Summary

Red Hat Security Advisory: OpenShift Container Platform 3.9 security, bug fix, and enhancement update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat OpenShift Container Platform release 3.9.31 is now available with updates to packages and images that address security issues, fix several bugs, and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Container Platform is the company\u0027s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.9.31. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:2014\n\nSecurity Fix(es):\n\n* routing: Malicious Service configuration can bring down routing for an entire shard (CVE-2018-1070)\n\n* openshift-ansible: Incorrectly quoted values in etcd.conf causes disabling of SSL client certificate authentication (CVE-2018-1085)\n\n* source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code (CVE-2018-10843)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank David Hocky (Comcast) for reporting CVE-2018-1085. The CVE-2018-1070 issue was discovered by Mark Chappell (Red Hat) and the CVE-2018-10843 issue was discovered by Jeremy Choi (Red Hat).\n\nSpace precludes documenting all of the bug fixes and enhancements in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nAll OpenShift Container Platform 3.9 users are advised to upgrade to these updated packages and images.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:2013",
        "url": "https://access.redhat.com/errata/RHSA-2018:2013"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html",
        "url": "https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html"
      },
      {
        "category": "external",
        "summary": "1466390",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466390"
      },
      {
        "category": "external",
        "summary": "1498398",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1498398"
      },
      {
        "category": "external",
        "summary": "1506175",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506175"
      },
      {
        "category": "external",
        "summary": "1507429",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1507429"
      },
      {
        "category": "external",
        "summary": "1512042",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1512042"
      },
      {
        "category": "external",
        "summary": "1525642",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525642"
      },
      {
        "category": "external",
        "summary": "1529575",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1529575"
      },
      {
        "category": "external",
        "summary": "1531096",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531096"
      },
      {
        "category": "external",
        "summary": "1534311",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534311"
      },
      {
        "category": "external",
        "summary": "1534894",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534894"
      },
      {
        "category": "external",
        "summary": "1537872",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1537872"
      },
      {
        "category": "external",
        "summary": "1538215",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538215"
      },
      {
        "category": "external",
        "summary": "1539252",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539252"
      },
      {
        "category": "external",
        "summary": "1539310",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539310"
      },
      {
        "category": "external",
        "summary": "1539529",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539529"
      },
      {
        "category": "external",
        "summary": "1539757",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539757"
      },
      {
        "category": "external",
        "summary": "1540819",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1540819"
      },
      {
        "category": "external",
        "summary": "1541212",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1541212"
      },
      {
        "category": "external",
        "summary": "1541350",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1541350"
      },
      {
        "category": "external",
        "summary": "1542387",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542387"
      },
      {
        "category": "external",
        "summary": "1542460",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542460"
      },
      {
        "category": "external",
        "summary": "1546097",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546097"
      },
      {
        "category": "external",
        "summary": "1546324",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546324"
      },
      {
        "category": "external",
        "summary": "1546936",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546936"
      },
      {
        "category": "external",
        "summary": "1548677",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548677"
      },
      {
        "category": "external",
        "summary": "1549060",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549060"
      },
      {
        "category": "external",
        "summary": "1549454",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549454"
      },
      {
        "category": "external",
        "summary": "1550193",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550193"
      },
      {
        "category": "external",
        "summary": "1550316",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550316"
      },
      {
        "category": "external",
        "summary": "1550385",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550385"
      },
      {
        "category": "external",
        "summary": "1550591",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550591"
      },
      {
        "category": "external",
        "summary": "1553012",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553012"
      },
      {
        "category": "external",
        "summary": "1553035",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553035"
      },
      {
        "category": "external",
        "summary": "1553294",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553294"
      },
      {
        "category": "external",
        "summary": "1554141",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554141"
      },
      {
        "category": "external",
        "summary": "1554145",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554145"
      },
      {
        "category": "external",
        "summary": "1554239",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554239"
      },
      {
        "category": "external",
        "summary": "1557040",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557040"
      },
      {
        "category": "external",
        "summary": "1557822",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557822"
      },
      {
        "category": "external",
        "summary": "1558183",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558183"
      },
      {
        "category": "external",
        "summary": "1558997",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558997"
      },
      {
        "category": "external",
        "summary": "1560311",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560311"
      },
      {
        "category": "external",
        "summary": "1563150",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563150"
      },
      {
        "category": "external",
        "summary": "1563673",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563673"
      },
      {
        "category": "external",
        "summary": "1566238",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566238"
      },
      {
        "category": "external",
        "summary": "1568815",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568815"
      },
      {
        "category": "external",
        "summary": "1569030",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1569030"
      },
      {
        "category": "external",
        "summary": "1570065",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570065"
      },
      {
        "category": "external",
        "summary": "1570581",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570581"
      },
      {
        "category": "external",
        "summary": "1571601",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571601"
      },
      {
        "category": "external",
        "summary": "1571944",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571944"
      },
      {
        "category": "external",
        "summary": "1572786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572786"
      },
      {
        "category": "external",
        "summary": "1579096",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579096"
      },
      {
        "category": "external",
        "summary": "1580538",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1580538"
      },
      {
        "category": "external",
        "summary": "1583895",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1583895"
      },
      {
        "category": "external",
        "summary": "1585243",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1585243"
      },
      {
        "category": "external",
        "summary": "1586076",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1586076"
      },
      {
        "category": "external",
        "summary": "1588009",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588009"
      },
      {
        "category": "external",
        "summary": "1588768",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588768"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2013.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Container Platform 3.9 security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2024-11-22T12:05:42+00:00",
      "generator": {
        "date": "2024-11-22T12:05:42+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2018:2013",
      "initial_release_date": "2018-06-27T18:01:43+00:00",
      "revision_history": [
        {
          "date": "2018-06-27T18:01:43+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-06-27T18:01:43+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T12:05:42+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 3.9",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 3.9",
                  "product_id": "7Server-RH7-RHOSE-3.9",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:3.9::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
                  "product_id": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.9.31-1.git.246.bded6a4.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-pod@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-cluster-capacity@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-service-catalog@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-master@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-federation-services@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-tests@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-clients@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
                  "product_id": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.9.13-1.git.167.5d6b0d4.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
                  "product_id": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.9.13-1.git.267.bb59a3f.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64",
                "product": {
                  "name": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64",
                  "product_id": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/prometheus-node-exporter@3.9.31-1.git.890.a55de06.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
                  "product_id": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.9.31-1.git.351.1bd46ed.el7?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
                "product": {
                  "name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
                  "product_id": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.9.31-1.git.246.bded6a4.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
                "product": {
                  "name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
                  "product_id": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift@3.9.31-1.git.0.ef9737b.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
                "product": {
                  "name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
                  "product_id": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.9.13-1.git.167.5d6b0d4.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
                "product": {
                  "name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
                  "product_id": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@3.9.31-1.git.34.154617d.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
                "product": {
                  "name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
                  "product_id": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.9.13-1.git.267.bb59a3f.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mysql-apb-role-0:1.1.11-1.el7.src",
                "product": {
                  "name": "mysql-apb-role-0:1.1.11-1.el7.src",
                  "product_id": "mysql-apb-role-0:1.1.11-1.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mysql-apb-role@1.1.11-1.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
                "product": {
                  "name": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
                  "product_id": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.9.31-1.git.890.a55de06.el7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
                "product": {
                  "name": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
                  "product_id": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.9.31-1.git.0.ef9737b.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
                "product": {
                  "name": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
                  "product_id": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.9.31-1.git.0.ef9737b.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
                "product": {
                  "name": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_id": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-utils@3.9.31-1.git.34.154617d.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
                "product": {
                  "name": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_id": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-playbooks@3.9.31-1.git.34.154617d.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
                "product": {
                  "name": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_id": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-roles@3.9.31-1.git.34.154617d.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
                "product": {
                  "name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_id": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@3.9.31-1.git.34.154617d.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
                "product": {
                  "name": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_id": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-docs@3.9.31-1.git.34.154617d.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mysql-apb-role-0:1.1.11-1.el7.noarch",
                "product": {
                  "name": "mysql-apb-role-0:1.1.11-1.el7.noarch",
                  "product_id": "mysql-apb-role-0:1.1.11-1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mysql-apb-role@1.1.11-1.el7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src"
        },
        "product_reference": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src"
        },
        "product_reference": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64"
        },
        "product_reference": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch"
        },
        "product_reference": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64"
        },
        "product_reference": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch"
        },
        "product_reference": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src"
        },
        "product_reference": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64"
        },
        "product_reference": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch"
        },
        "product_reference": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src"
        },
        "product_reference": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64"
        },
        "product_reference": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src"
        },
        "product_reference": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mysql-apb-role-0:1.1.11-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch"
        },
        "product_reference": "mysql-apb-role-0:1.1.11-1.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mysql-apb-role-0:1.1.11-1.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src"
        },
        "product_reference": "mysql-apb-role-0:1.1.11-1.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch"
        },
        "product_reference": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src"
        },
        "product_reference": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch"
        },
        "product_reference": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch"
        },
        "product_reference": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch"
        },
        "product_reference": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
        },
        "product_reference": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Mark Chappell"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2018-1070",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2017-10-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1553035"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Improper input validation of the Openshift Routing configuration can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Routing: Malicous Service configuration can bring down routing for an entire shard.",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
          "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
          "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-1070"
        },
        {
          "category": "external",
          "summary": "RHBZ#1553035",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553035"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1070",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-1070"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1070",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1070"
        }
      ],
      "release_date": "2018-04-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-06-27T18:01:43+00:00",
          "details": "For OpenShift Container Platform 3.9 see the following documentation, which will be updated shortly for release 3.9.31, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:2013"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Routing: Malicous Service configuration can bring down routing for an entire shard."
    },
    {
      "acknowledgments": [
        {
          "names": [
            "David Hocky"
          ],
          "organization": "Comcast"
        }
      ],
      "cve": "CVE-2018-1085",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "discovery_date": "2018-03-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1557822"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenShift and Atomic Enterprise Ansible deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH in etcd.conf result in etcd being configured to allow remote users to connect without any authentication if they can access the etcd server bound to the network on the master nodes. An attacker could use this flaw to read and modify all the data about the Openshift cluster in the etcd datastore, potentially adding another compute node, or bringing down the entire cluster.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openshift-ansible: Incorrectly quoted values in etcd.conf causes disabling of SSL client certificate authentication",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue affects Openshift Container Platform (OCP) only if you use the container installation method. The container installation method is tech preview in 3.7.1. This issue affected all users who did a containerized etcd in OCP versions 3.7.1-3.6.\n\nIf etcd is installed via RPM and run via \u0027/usr/bin/etcd\u0027 it\u0027s not affected by this flaw. You can check if etcd is being run from \u0027/usr//bin/etcd\u0027 using a \u0027ps\u0027 command such as this on the master nodes. If Installed via RPM you should get output similar to:\n\nps -ef | grep etcd\n$/usr/bin/etcd --name=master-0.example.com --data-dir=/var/lib/etcd/ --listen-client-urls=https://10.0.1.1:2379\n\nIf etcd is installed via the container method running \u0027docker ps\u0027 on the master will show a container running the registry.access.redhat.com/rhel7/etcd image, eg:\n\nsudo docker ps --filter name=etcd_container\n$704effa9b0cc        registry.access.redhat.com/rhel7/etcd   \"/usr/bin/etcd\"     56 minutes ago      Up 56 minutes                           etcd_container",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
          "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
          "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-1085"
        },
        {
          "category": "external",
          "summary": "RHBZ#1557822",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557822"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1085",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-1085"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1085",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1085"
        }
      ],
      "release_date": "2018-03-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-06-27T18:01:43+00:00",
          "details": "For OpenShift Container Platform 3.9 see the following documentation, which will be updated shortly for release 3.9.31, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:2013"
        },
        {
          "category": "workaround",
          "details": "On master nodes where etcd has been installed using the container method:\n\n0. Verify you can connect to etcd without providing TLS authentication credentials. On any master node, check the ETCD_LISTEN_CLIENT_URLS in /etc/etcd/etcd.conf, and use one of the client urls to connect without providing a certificate, eg:\n   curl -4 curl https://10.0.1.1:2379/version -k\n\n0a. If vulnerable output will show something like this:\n   {\"etcdserver\":\"3.2.15\",\"etcdcluster\":\"3.2.0\"}\n\n0b. If not affected the connection will fail with:\n    curl: (58) NSS: client certificate not found (nickname not specified)\n\n1. update /etc/etcd/etcd.conf on the master nodes to remove quotes from these fields:\n   ETCD_PEER_CLIENT_CERT_AUTH=\"true\"\n   ETCD_CLIENT_CERT_AUTH=\"true\"\neg.\n   ETCD_PEER_CLIENT_CERT_AUTH=true\n   ETCD_CLIENT_CERT_AUTH=true\n\n2. Restart the etcd container service:\n   sudo systemctl restart etcd_container\n\n3. Test if client authentication is now required using the steps from 0. above.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "openshift-ansible: Incorrectly quoted values in etcd.conf causes disabling of SSL client certificate authentication"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jeremy Choi"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2018-10843",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2018-05-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1579096"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A privilege escalation flaw was found in the source-to-image component of Openshift Container Platform which allows the assemble script to run as the root user in a non-privileged container.  An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
          "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
          "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-10843"
        },
        {
          "category": "external",
          "summary": "RHBZ#1579096",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579096"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10843",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-10843"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10843",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10843"
        }
      ],
      "release_date": "2018-05-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-06-27T18:01:43+00:00",
          "details": "For OpenShift Container Platform 3.9 see the following documentation, which will be updated shortly for release 3.9.31, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:2013"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code"
    }
  ]
}

CVE-2018-1070

Vulnerability from fkie_nvd

Published

2018-06-12 13:29

Modified

2024-11-21 03:59

Severity ?

6.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2018:2013	Third Party Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1070	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:2013	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1070	Issue Tracking

Impacted products

	Vendor	Product	Version
	redhat	openshift_container_platform	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DA472B6-F9D0-4F01-977E-EEAF19C292D3",
              "versionEndExcluding": "3.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard."
    },
    {
      "lang": "es",
      "value": "routing en versiones anteriores a la 3.10 es vulnerable a una validaci\u00f3n de entradas incorrecta de la configuraci\u00f3n de Openshift Routing que puede permitir que una partici\u00f3n entera se caiga. Un usuario malicioso puede emplear esta vulnerabilidad para provocar un ataque de denegaci\u00f3n de servicio (DoS) para otros usuarios de la partici\u00f3n del router."
    }
  ],
  "id": "CVE-2018-1070",
  "lastModified": "2024-11-21T03:59:07.020",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 4.0,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-12T13:29:00.300",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2013"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1070"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2013"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1070"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-1070

Vulnerability from cvelistv5

ghsa-mfw5-7x4h-m4v5

Vulnerability from github

gsd-2018-1070

Vulnerability from gsd

rhsa-2018:2013

Vulnerability from csaf_redhat

RHSA-2018:2013

Vulnerability from csaf_redhat

rhsa-2018_2013

Vulnerability from csaf_redhat

CVE-2018-1070

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature