Action not permitted
Modal body text goes here.
CVE-2020-14336
Vulnerability from cvelistv5
Published
2021-06-02 11:48
Modified
2024-08-04 12:39
Severity
Summary
A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat from this vulnerability is to system availability.
References
| Source | URL | Tags |
|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1858981 | Issue Tracking, Mitigation, Vendor Advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1858981"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Openshift",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Red Hat OpenShift Container Platform 4.6 and Red Hat OpenShift Container Platform 4.5.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-02T11:48:44",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1858981"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-14336",
"datePublished": "2021-06-02T11:48:44",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2020-14336\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2021-06-02T12:15:08.807\",\"lastModified\":\"2023-02-12T23:40:21.450\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat from this vulnerability is to system availability.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado un fallo en las Restricciones de Contexto de Seguridad (SCC), que permite a los pods dise\u00f1ar paquetes de red personalizados. Este fallo permite a un atacante causar un ataque de Denegaci\u00f3n de Servicio en un cl\u00faster de OpenShift Container Platform si pueden desplegar pods. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":4.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F87326E-0B56-4356-A889-73D026DB1D4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.5.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FECE9CCD-E26F-4FAA-8ADC-8AAC7116FE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B62E762-2878-455A-93C9-A5DB430D7BB5\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1858981\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Mitigation\",\"Vendor Advisory\"]}]}}"
}
}
gsd-2020-14336
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat from this vulnerability is to system availability.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-14336",
"description": "A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat from this vulnerability is to system availability.",
"id": "GSD-2020-14336",
"references": [
"https://access.redhat.com/errata/RHSA-2020:4320",
"https://access.redhat.com/errata/RHSA-2020:4298"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-14336"
],
"details": "A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat from this vulnerability is to system availability.",
"id": "GSD-2020-14336",
"modified": "2023-12-13T01:21:59.929976Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-14336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Openshift",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Red Hat OpenShift Container Platform 4.6 and Red Hat OpenShift Container Platform 4.5.16"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat from this vulnerability is to system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-770",
"lang": "eng",
"value": "CWE-770"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1858981",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1858981"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:4.5.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-14336"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat from this vulnerability is to system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1858981",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1858981"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-02-12T23:40Z",
"publishedDate": "2021-06-02T12:15Z"
}
}
}
rhsa-2020_4320
Vulnerability from csaf_redhat
Published
2020-10-26 14:41
Modified
2024-09-16 04:54
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.5.16 security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.5.16 is now available with
updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* openshift: Restricted SCC allows pods to craft custom network packets (CVE-2020-14336)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.5.16 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* openshift: Restricted SCC allows pods to craft custom network packets (CVE-2020-14336)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:4320",
"url": "https://access.redhat.com/errata/RHSA-2020:4320"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "1856529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856529"
},
{
"category": "external",
"summary": "1858981",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1858981"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2020/rhsa-2020_4320.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.5.16 security update",
"tracking": {
"current_release_date": "2024-09-16T04:54:43+00:00",
"generator": {
"date": "2024-09-16T04:54:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2020:4320",
"initial_release_date": "2020-10-26T14:41:36+00:00",
"revision_history": [
{
"date": "2020-10-26T14:41:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-10-26T14:41:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T04:54:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.5",
"product": {
"name": "Red Hat OpenShift Container Platform 4.5",
"product_id": "7Server-RH7-RHOSE-4.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.5::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift4/ose-machine-config-operator@sha256:0d08b01798a96cb124e07a40e6953ad220bc2055f926e27517c2fe202beae812_ppc64le",
"product": {
"name": "openshift4/ose-machine-config-operator@sha256:0d08b01798a96cb124e07a40e6953ad220bc2055f926e27517c2fe202beae812_ppc64le",
"product_id": "openshift4/ose-machine-config-operator@sha256:0d08b01798a96cb124e07a40e6953ad220bc2055f926e27517c2fe202beae812_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-machine-config-operator@sha256:0d08b01798a96cb124e07a40e6953ad220bc2055f926e27517c2fe202beae812?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-machine-config-operator\u0026tag=v4.5.0-202010160047.p0"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift4/ose-machine-config-operator@sha256:2ac7d8e5a4a1a8a0cbb06ac6302a146b256e413f54d62dca553c11e1dcc0661d_amd64",
"product": {
"name": "openshift4/ose-machine-config-operator@sha256:2ac7d8e5a4a1a8a0cbb06ac6302a146b256e413f54d62dca553c11e1dcc0661d_amd64",
"product_id": "openshift4/ose-machine-config-operator@sha256:2ac7d8e5a4a1a8a0cbb06ac6302a146b256e413f54d62dca553c11e1dcc0661d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-machine-config-operator@sha256:2ac7d8e5a4a1a8a0cbb06ac6302a146b256e413f54d62dca553c11e1dcc0661d?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-machine-config-operator\u0026tag=v4.5.0-202010160047.p0"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift4/ose-machine-config-operator@sha256:56347b9b9aa202c3ea4ee5fc6c6d4e78bb5aa20d3cc358ef41c5640c45d7538f_s390x",
"product": {
"name": "openshift4/ose-machine-config-operator@sha256:56347b9b9aa202c3ea4ee5fc6c6d4e78bb5aa20d3cc358ef41c5640c45d7538f_s390x",
"product_id": "openshift4/ose-machine-config-operator@sha256:56347b9b9aa202c3ea4ee5fc6c6d4e78bb5aa20d3cc358ef41c5640c45d7538f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-machine-config-operator@sha256:56347b9b9aa202c3ea4ee5fc6c6d4e78bb5aa20d3cc358ef41c5640c45d7538f?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-machine-config-operator\u0026tag=v4.5.0-202010160047.p0"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-machine-config-operator@sha256:0d08b01798a96cb124e07a40e6953ad220bc2055f926e27517c2fe202beae812_ppc64le as a component of Red Hat OpenShift Container Platform 4.5",
"product_id": "7Server-RH7-RHOSE-4.5:openshift4/ose-machine-config-operator@sha256:0d08b01798a96cb124e07a40e6953ad220bc2055f926e27517c2fe202beae812_ppc64le"
},
"product_reference": "openshift4/ose-machine-config-operator@sha256:0d08b01798a96cb124e07a40e6953ad220bc2055f926e27517c2fe202beae812_ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-machine-config-operator@sha256:2ac7d8e5a4a1a8a0cbb06ac6302a146b256e413f54d62dca553c11e1dcc0661d_amd64 as a component of Red Hat OpenShift Container Platform 4.5",
"product_id": "7Server-RH7-RHOSE-4.5:openshift4/ose-machine-config-operator@sha256:2ac7d8e5a4a1a8a0cbb06ac6302a146b256e413f54d62dca553c11e1dcc0661d_amd64"
},
"product_reference": "openshift4/ose-machine-config-operator@sha256:2ac7d8e5a4a1a8a0cbb06ac6302a146b256e413f54d62dca553c11e1dcc0661d_amd64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-machine-config-operator@sha256:56347b9b9aa202c3ea4ee5fc6c6d4e78bb5aa20d3cc358ef41c5640c45d7538f_s390x as a component of Red Hat OpenShift Container Platform 4.5",
"product_id": "7Server-RH7-RHOSE-4.5:openshift4/ose-machine-config-operator@sha256:56347b9b9aa202c3ea4ee5fc6c6d4e78bb5aa20d3cc358ef41c5640c45d7538f_s390x"
},
"product_reference": "openshift4/ose-machine-config-operator@sha256:56347b9b9aa202c3ea4ee5fc6c6d4e78bb5aa20d3cc358ef41c5640c45d7538f_s390x",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.5"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Yuval Kashtan"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-14336",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2020-06-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1858981"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openshift: restricted SCC allows pods to craft custom network packets",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "By default, the OpenShift Container Platform uses the OpenShift SDN network interface. This interface makes this attack impractical by implementing IPTable rules on the host side of the virtual network interface, isolating network traffic to within the pod.\n\nIf the OpenShift Container Platform has the sriov-network-operator deployed, it is at a greater risk for exploitation. \n\nIf installing a new OCP 4.6 cluster no changes are required. If upgrading a cluster from an earlier version to 4.5.16 be sure to delete 99-worker-generated-crio-capabilities and 99-master-generated-crio-capabilities machine controllers once you have tested that dropping NET_RAW does not break your cluster workload.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-machine-config-operator@sha256:0d08b01798a96cb124e07a40e6953ad220bc2055f926e27517c2fe202beae812_ppc64le",
"7Server-RH7-RHOSE-4.5:openshift4/ose-machine-config-operator@sha256:2ac7d8e5a4a1a8a0cbb06ac6302a146b256e413f54d62dca553c11e1dcc0661d_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-machine-config-operator@sha256:56347b9b9aa202c3ea4ee5fc6c6d4e78bb5aa20d3cc358ef41c5640c45d7538f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14336"
},
{
"category": "external",
"summary": "RHBZ#1858981",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1858981"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14336",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14336"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14336",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14336"
}
],
"release_date": "2020-07-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.",
"product_ids": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-machine-config-operator@sha256:0d08b01798a96cb124e07a40e6953ad220bc2055f926e27517c2fe202beae812_ppc64le",
"7Server-RH7-RHOSE-4.5:openshift4/ose-machine-config-operator@sha256:2ac7d8e5a4a1a8a0cbb06ac6302a146b256e413f54d62dca553c11e1dcc0661d_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-machine-config-operator@sha256:56347b9b9aa202c3ea4ee5fc6c6d4e78bb5aa20d3cc358ef41c5640c45d7538f_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4320"
},
{
"category": "workaround",
"details": "On OCP 3.11 create a custom SCC based on \u0027restricted\u0027 and also drop the NET_RAW capability[1]. Assign this custom SCC to any users, or groups which create pods you want to protect. See the documentation for more information [2]. \n[1] https://access.redhat.com/solutions/5611521\n[2] https://docs.openshift.com/container-platform/3.11/admin_guide/manage_scc.html",
"product_ids": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-machine-config-operator@sha256:0d08b01798a96cb124e07a40e6953ad220bc2055f926e27517c2fe202beae812_ppc64le",
"7Server-RH7-RHOSE-4.5:openshift4/ose-machine-config-operator@sha256:2ac7d8e5a4a1a8a0cbb06ac6302a146b256e413f54d62dca553c11e1dcc0661d_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-machine-config-operator@sha256:56347b9b9aa202c3ea4ee5fc6c6d4e78bb5aa20d3cc358ef41c5640c45d7538f_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-machine-config-operator@sha256:0d08b01798a96cb124e07a40e6953ad220bc2055f926e27517c2fe202beae812_ppc64le",
"7Server-RH7-RHOSE-4.5:openshift4/ose-machine-config-operator@sha256:2ac7d8e5a4a1a8a0cbb06ac6302a146b256e413f54d62dca553c11e1dcc0661d_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-machine-config-operator@sha256:56347b9b9aa202c3ea4ee5fc6c6d4e78bb5aa20d3cc358ef41c5640c45d7538f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openshift: restricted SCC allows pods to craft custom network packets"
}
]
}
rhsa-2020_4298
Vulnerability from csaf_redhat
Published
2020-10-27 16:22
Modified
2020-10-28 00:41
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.6.1 image security update
Notes
Topic
An update is now available for Red Hat OpenShift Container Platform 4.6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)
* SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169)
* grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen (CVE-2018-18624)
* js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)
* npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions (CVE-2019-16769)
* kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) (CVE-2020-7013)
* nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload (CVE-2020-7598)
* npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662)
* nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)
* grafana: stored XSS (CVE-2020-11110)
* grafana: XSS annotation popup vulnerability (CVE-2020-12052)
* grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)
* nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures (CVE-2020-13822)
* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)
* openshift/console: text injection on error page via crafted url (CVE-2020-10715)
* kibana: X-Frame-Option not set by default might lead to clickjacking (CVE-2020-10743)
* openshift: restricted SCC allows pods to craft custom network packets (CVE-2020-14336)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 2023 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Container Platform 4.6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)\n\n* SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169)\n\n* grafana: XSS vulnerability via a column style on the \"Dashboard \u003e Table Panel\" screen (CVE-2018-18624)\n\n* js-jquery: prototype pollution in object\u0027s prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)\n\n* npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions (CVE-2019-16769)\n\n* kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) (CVE-2020-7013)\n\n* nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload (CVE-2020-7598)\n\n* npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662)\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* jQuery: passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)\n\n* grafana: stored XSS (CVE-2020-11110)\n\n* grafana: XSS annotation popup vulnerability (CVE-2020-12052)\n\n* grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)\n\n* nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures (CVE-2020-13822)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\n* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)\n\n* openshift/console: text injection on error page via crafted url (CVE-2020-10715)\n\n* kibana: X-Frame-Option not set by default might lead to clickjacking (CVE-2020-10743)\n\n* openshift: restricted SCC allows pods to craft custom network packets (CVE-2020-14336)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:4298",
"url": "https://access.redhat.com/errata/RHSA-2020:4298"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2020/rhsa-2020_4298.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.6.1 image security update",
"tracking": {
"current_release_date": "2020-10-28T00:41:00Z",
"generator": {
"date": "2023-07-01T04:17:00Z",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.18.0"
}
},
"id": "RHSA-2020:4298",
"initial_release_date": "2020-10-27T16:22:00Z",
"revision_history": [
{
"date": "2020-10-28T00:41:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.6",
"product": {
"name": "Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.6::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"category": "product_version",
"name": "openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"product": {
"name": "openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"product_id": "openshift4/ose-ansible-operator:v4.6.0-202010200139.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"product": {
"name": "openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"product_id": "openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cli:v4.6.0-202010080605.p0",
"product": {
"name": "openshift4/ose-cli:v4.6.0-202010080605.p0",
"product_id": "openshift4/ose-cli:v4.6.0-202010080605.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"product": {
"name": "openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"product_id": "openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"product": {
"name": "openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"product_id": "openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"product": {
"name": "openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"product_id": "openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"product": {
"name": "openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"product_id": "openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"product": {
"name": "openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"product_id": "openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"product": {
"name": "openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"product_id": "openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"product": {
"name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"product_id": "openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"product": {
"name": "openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"product_id": "openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-console-operator:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-console:v4.6.0-202010100121.p0",
"product": {
"name": "openshift4/ose-console:v4.6.0-202010100121.p0",
"product_id": "openshift4/ose-console:v4.6.0-202010100121.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-coredns:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-coredns:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-coredns:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"product": {
"name": "openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"product_id": "openshift4/ose-descheduler:v4.6.0-202010200139.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"product": {
"name": "openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"product_id": "openshift4/ose-docker-builder:v4.6.0-202010120952.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-docker-registry:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"product": {
"name": "openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"product_id": "openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-etcd:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-etcd:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-etcd:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-grafana:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-grafana:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-grafana:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"product": {
"name": "openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"product_id": "openshift4/ose-hyperkube:v4.6.0-202010081843.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-installer:v4.6.0-202010081843.p0",
"product": {
"name": "openshift4/ose-installer:v4.6.0-202010081843.p0",
"product_id": "openshift4/ose-installer:v4.6.0-202010081843.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"product": {
"name": "openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"product_id": "openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"product": {
"name": "openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"product_id": "openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"product": {
"name": "openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"product_id": "openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"product": {
"name": "openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"product_id": "openshift4/ose-metering-presto:v4.6.0-202010200139.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"product": {
"name": "openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"product_id": "openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-multus-cni:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"product": {
"name": "openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"product_id": "openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"product": {
"name": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"product_id": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"product": {
"name": "openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"product_id": "openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"product": {
"name": "openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"product_id": "openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"product": {
"name": "openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"product_id": "openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-operator-registry:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"product": {
"name": "openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"product_id": "openshift4/ose-prometheus:v4.6.0-202009290409.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"product": {
"name": "openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"product_id": "openshift4/ose-ptp-operator:v4.6.0-202010200139.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-ptp:v4.6.0-202010200139.p0",
"product": {
"name": "openshift4/ose-ptp:v4.6.0-202010200139.p0",
"product_id": "openshift4/ose-ptp:v4.6.0-202010200139.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"product": {
"name": "openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"product_id": "openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"product": {
"name": "openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"product_id": "openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"product": {
"name": "openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"product_id": "openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"product": {
"name": "openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"product_id": "openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"product": {
"name": "openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"product_id": "openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0"
}
},
{
"category": "product_version",
"name": "openshift4/ose-tests:v4.6.0-202010120952.p0",
"product": {
"name": "openshift4/ose-tests:v4.6.0-202010120952.p0",
"product_id": "openshift4/ose-tests:v4.6.0-202010120952.p0"
}
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ansible-operator:v4.6.0-202010200139.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0"
},
"product_reference": "openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0"
},
"product_reference": "openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cli:v4.6.0-202010080605.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0"
},
"product_reference": "openshift4/ose-cli:v4.6.0-202010080605.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0"
},
"product_reference": "openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0"
},
"product_reference": "openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0"
},
"product_reference": "openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0"
},
"product_reference": "openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0"
},
"product_reference": "openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0"
},
"product_reference": "openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0"
},
"product_reference": "openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0"
},
"product_reference": "openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-console-operator:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-console:v4.6.0-202010100121.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0"
},
"product_reference": "openshift4/ose-console:v4.6.0-202010100121.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-coredns:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-coredns:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-descheduler:v4.6.0-202010200139.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0"
},
"product_reference": "openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-docker-builder:v4.6.0-202010120952.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0"
},
"product_reference": "openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-docker-registry:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0"
},
"product_reference": "openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-etcd:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-etcd:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-grafana:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-grafana:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-hyperkube:v4.6.0-202010081843.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0"
},
"product_reference": "openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-installer:v4.6.0-202010081843.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0"
},
"product_reference": "openshift4/ose-installer:v4.6.0-202010081843.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0"
},
"product_reference": "openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0"
},
"product_reference": "openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0"
},
"product_reference": "openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-metering-presto:v4.6.0-202010200139.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0"
},
"product_reference": "openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0"
},
"product_reference": "openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-multus-cni:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0"
},
"product_reference": "openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0"
},
"product_reference": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0"
},
"product_reference": "openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0"
},
"product_reference": "openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0"
},
"product_reference": "openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-operator-registry:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-prometheus:v4.6.0-202009290409.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0"
},
"product_reference": "openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ptp-operator:v4.6.0-202010200139.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0"
},
"product_reference": "openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ptp:v4.6.0-202010200139.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0"
},
"product_reference": "openshift4/ose-ptp:v4.6.0-202010200139.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0"
},
"product_reference": "openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0"
},
"product_reference": "openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0"
},
"product_reference": "openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0"
},
"product_reference": "openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0"
},
"product_reference": "openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-tests:v4.6.0-202010120952.p0 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
},
"product_reference": "openshift4/ose-tests:v4.6.0-202010120952.p0",
"relates_to_product_reference": "8Base-RHOSE-4.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-0169",
"discovery_date": "2013-02-04T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=907589"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CBC padding timing attack (lucky-13)",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0"
],
"known_not_affected": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0169"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0169",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0169"
},
{
"category": "external",
"summary": "http://www.isg.rhul.ac.uk/tls/",
"url": "http://www.isg.rhul.ac.uk/tls/"
},
{
"category": "external",
"summary": "http://www.openssl.org/news/secadv_20130205.txt",
"url": "http://www.openssl.org/news/secadv_20130205.txt"
},
{
"category": "external",
"summary": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released",
"url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"
},
{
"category": "external",
"summary": "CVE-2013-0169",
"url": "https://access.redhat.com/security/cve/CVE-2013-0169"
},
{
"category": "external",
"summary": "bz#907589: CBC padding timing attack (lucky-13)",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=907589"
}
],
"release_date": "2013-02-04T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0"
],
"url": "https://access.redhat.com/errata/RHSA-2020:4298"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0.0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0.0,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0"
]
}
],
"threats": [
{
"category": "impact",
"date": "2013-02-04T00:00:00Z",
"details": "Moderate"
}
],
"title": "CBC padding timing attack (lucky-13)"
},
{
"cve": "CVE-2018-18624",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-24T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1850572"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in grafana. An incomplete fix for CVE-2018-12099 allows for a XSS via a column style on the \"Dashboard \u003e Table Panel\" screen.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: XSS vulnerability via a column style on the \"Dashboard \u003e Table Panel\" screen",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0"
],
"known_not_affected": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-18624",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18624"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18624",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18624"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20200608-0008/",
"url": "https://security.netapp.com/advisory/ntap-20200608-0008/"
},
{
"category": "external",
"summary": "CVE-2018-18624",
"url": "https://access.redhat.com/security/cve/CVE-2018-18624"
},
{
"category": "external",
"summary": "bz#1850572: CVE-2018-18624 grafana: XSS vulnerability via a column style on the \"Dashboard \u003e Table Panel\" screen",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850572"
}
],
"release_date": "2020-06-02T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0"
],
"url": "https://access.redhat.com/errata/RHSA-2020:4298"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-24T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2018-18624 grafana: XSS vulnerability via a column style on the \"Dashboard \u003e Table Panel\" screen"
},
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-03-28T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0"
],
"known_not_affected": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"category": "external",
"summary": "https://www.drupal.org/sa-core-2019-006",
"url": "https://www.drupal.org/sa-core-2019-006"
},
{
"category": "external",
"summary": "CVE-2019-11358",
"url": "https://access.redhat.com/security/cve/CVE-2019-11358"
},
{
"category": "external",
"summary": "bz#1701972: CVE-2019-11358 jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
}
],
"release_date": "2019-03-27T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0"
],
"url": "https://access.redhat.com/errata/RHSA-2020:4298"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-28T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2019-11358 jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection"
},
{
"cve": "CVE-2019-16769",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-17T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1848092"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A XSS flaw was found in npm-serialize-javascript. It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js\u0027s implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0"
],
"known_not_affected": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16769",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16769"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16769",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16769"
},
{
"category": "external",
"summary": "CVE-2019-16769",
"url": "https://access.redhat.com/security/cve/CVE-2019-16769"
},
{
"category": "external",
"summary": "bz#1848092: CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848092"
}
],
"release_date": "2020-05-04T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0"
],
"url": "https://access.redhat.com/errata/RHSA-2020:4298"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions"
},
{
"cve": "CVE-2020-7013",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2020-06-19T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1849044"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions of the Kibana process on the host system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06)",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0"
],
"known_not_affected": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-7013",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7013"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7013",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7013"
},
{
"category": "external",
"summary": "https://discuss.elastic.co/t/elastic-stack-6-8-9-and-7-7-0-security-update/235571",
"url": "https://discuss.elastic.co/t/elastic-stack-6-8-9-and-7-7-0-security-update/235571"
},
{
"category": "external",
"summary": "CVE-2020-7013",
"url": "https://access.redhat.com/security/cve/CVE-2020-7013"
},
{
"category": "external",
"summary": "bz#1849044: CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06)",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849044"
}
],
"release_date": "2020-06-03T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0"
],
"url": "https://access.redhat.com/errata/RHSA-2020:4298"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-19T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06)"
},
{
"cve": "CVE-2020-7598",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-03-11T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1813344"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in nodejs-minimist, where it was tricked into adding or modifying properties of the Object.prototype using a \"constructor\" or \"__proto__\" payload. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0"
],
"known_not_affected": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7598"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7598",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7598"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764",
"url": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764"
},
{
"category": "external",
"summary": "CVE-2020-7598",
"url": "https://access.redhat.com/security/cve/CVE-2020-7598"
},
{
"category": "external",
"summary": "bz#1813344: CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813344"
}
],
"release_date": "2020-03-10T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0"
],
"url": "https://access.redhat.com/errata/RHSA-2020:4298"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-11T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload"
},
{
"cve": "CVE-2020-7662",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-06-02T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1845982"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0"
],
"known_not_affected": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-7662",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7662"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7662",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7662"
},
{
"category": "external",
"summary": "https://github.com/faye/websocket-extensions-node/security/advisories/GHSA-g78m-2chm-r7qv",
"url": "https://github.com/faye/websocket-extensions-node/security/advisories/GHSA-g78m-2chm-r7qv"
},
{
"category": "external",
"summary": "CVE-2020-7662",
"url": "https://access.redhat.com/security/cve/CVE-2020-7662"
},
{
"category": "external",
"summary": "bz#1845982: CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845982"
}
],
"release_date": "2020-06-02T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0"
],
"url": "https://access.redhat.com/errata/RHSA-2020:4298"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-02T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser"
},
{
"cve": "CVE-2020-8203",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-07-15T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1857412"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in nodejs-lodash in versions 4.17.15 and earlier. A prototype pollution attack is possible which can lead to arbitrary code execution. The primary threat from this vulnerability is to data integrity and system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-lodash: prototype pollution in zipObjectDeep function",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0"
],
"known_not_affected": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8203",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8203"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8203",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8203"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/712065",
"url": "https://hackerone.com/reports/712065"
},
{
"category": "external",
"summary": "https://www.npmjs.com/advisories/1523",
"url": "https://www.npmjs.com/advisories/1523"
},
{
"category": "external",
"summary": "CVE-2020-8203",
"url": "https://access.redhat.com/security/cve/CVE-2020-8203"
},
{
"category": "external",
"summary": "bz#1857412: CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857412"
}
],
"release_date": "2020-04-27T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0"
],
"url": "https://access.redhat.com/errata/RHSA-2020:4298"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-15T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function"
},
{
"acknowledgments": [
{
"names": [
"the Kubernetes Product Security Committee"
]
},
{
"names": [
"Wouter ter Maat"
],
"organization": "Offensi",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-8559",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2020-06-26T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1851422"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in the Kubernetes API server, where it allows an attacker to escalate their privileges from a compromised node. This flaw allows an attacker who can intercept requests on a compromised node, to redirect those requests, along with their credentials, to perform actions on other endpoints that trust those credentials (including other clusters), allowing for escalation of privileges. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kubernetes: compromised node could escalate to cluster level privileges",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0"
],
"known_not_affected": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8559",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8559"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8559",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8559"
},
{
"category": "external",
"summary": "https://groups.google.com/g/kubernetes-security-announce/c/JAIGG5yNROs",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/JAIGG5yNROs"
},
{
"category": "external",
"summary": "CVE-2020-8559",
"url": "https://access.redhat.com/security/cve/CVE-2020-8559"
},
{
"category": "external",
"summary": "bz#1851422: CVE-2020-8559 kubernetes: compromised node could escalate to cluster level privileges",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851422"
}
],
"release_date": "2020-07-15T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0"
],
"url": "https://access.redhat.com/errata/RHSA-2020:4298"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-26T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2020-8559 kubernetes: compromised node could escalate to cluster level privileges"
},
{
"cve": "CVE-2020-9283",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2020-02-19T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1804533"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A denial of service vulnerability was found in the SSH package of the golang.org/x/crypto library. An attacker could exploit this flaw by supplying crafted SSH ed25519 keys to cause a crash in applications that use this package as either an SSH client or server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0"
],
"known_not_affected": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9283",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9283"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY",
"url": "https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY"
},
{
"category": "external",
"summary": "CVE-2020-9283",
"url": "https://access.redhat.com/security/cve/CVE-2020-9283"
},
{
"category": "external",
"summary": "bz#1804533: CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1804533"
}
],
"release_date": "2020-02-21T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0"
],
"url": "https://access.redhat.com/errata/RHSA-2020:4298"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-19T00:00:00Z",
"details": "Important"
}
],
"title": "CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic"
},
{
"cve": "CVE-2020-10715",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-10-18T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1767665"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A content spoofing vulnerability was found in the openshift/console. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the inserted text is legitimate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openshift/console: text injection on error page via crafted url",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0"
],
"known_not_affected": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10715",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10715"
},
{
"category": "external",
"summary": "CVE-2020-10715",
"url": "https://access.redhat.com/security/cve/CVE-2020-10715"
},
{
"category": "external",
"summary": "bz#1767665: CVE-2020-10715 openshift/console: text injection on error page via crafted url",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1767665"
}
],
"release_date": "2020-07-27T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0"
],
"url": "https://access.redhat.com/errata/RHSA-2020:4298"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-18T00:00:00Z",
"details": "Low"
}
],
"title": "CVE-2020-10715 openshift/console: text injection on error page via crafted url"
},
{
"cve": "CVE-2020-10743",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2020-05-05T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1834550"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "It was discovered that OpenShift Container Platform\u0027s (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP\u0027s distribution of Kibana, such as clickjacking.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kibana: X-Frame-Option not set by default might lead to clickjacking",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0"
],
"known_not_affected": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10743",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10743"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10743",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10743"
},
{
"category": "external",
"summary": "CVE-2020-10743",
"url": "https://access.redhat.com/security/cve/CVE-2020-10743"
},
{
"category": "external",
"summary": "bz#1834550: CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834550"
}
],
"release_date": "2020-01-27T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0"
],
"url": "https://access.redhat.com/errata/RHSA-2020:4298"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-05-05T00:00:00Z",
"details": "Low"
}
],
"title": "CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking"
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-04-23T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0"
],
"known_not_affected": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
},
{
"category": "external",
"summary": "CVE-2020-11022",
"url": "https://access.redhat.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "bz#1828406: CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
}
],
"release_date": "2020-04-23T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0"
],
"url": "https://access.redhat.com/errata/RHSA-2020:4298"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-23T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
},
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in jQuery. HTML containing \u003coption\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0"
],
"known_not_affected": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
},
{
"category": "external",
"summary": "CVE-2020-11023",
"url": "https://access.redhat.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "bz#1850004: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
}
],
"release_date": "2020-04-29T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0"
],
"url": "https://access.redhat.com/errata/RHSA-2020:4298"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-23T00:00:00Z",
"details": "Moderate"
}
],
"title": "Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods"
},
{
"cve": "CVE-2020-11110",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-07-27T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1861044"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in grafana. The lack of URL sanitizing allows for stored XSS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: stored XSS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0"
],
"known_not_affected": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11110",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11110"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11110",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11110"
},
{
"category": "external",
"summary": "CVE-2020-11110",
"url": "https://access.redhat.com/security/cve/CVE-2020-11110"
},
{
"category": "external",
"summary": "bz#1861044: CVE-2020-11110 grafana: stored XSS",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1861044"
}
],
"release_date": "2020-04-01T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0"
],
"url": "https://access.redhat.com/errata/RHSA-2020:4298"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-27T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2020-11110 grafana: stored XSS"
},
{
"cve": "CVE-2020-12052",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-17T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1848089"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in grafana. The software is vulnerable to an annotation popup XSS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: XSS annotation popup vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0"
],
"known_not_affected": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-12052",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12052"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-12052",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12052"
},
{
"category": "external",
"summary": "CVE-2020-12052",
"url": "https://access.redhat.com/security/cve/CVE-2020-12052"
},
{
"category": "external",
"summary": "bz#1848089: CVE-2020-12052 grafana: XSS annotation popup vulnerability",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848089"
}
],
"release_date": "2020-04-27T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0"
],
"url": "https://access.redhat.com/errata/RHSA-2020:4298"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2020-12052 grafana: XSS annotation popup vulnerability"
},
{
"cve": "CVE-2020-12245",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-04-25T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1848643"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in grafana. A XSS is possible in table-panel via column.title or cellLinkTooltip.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: XSS via column.title or cellLinkTooltip",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0"
],
"known_not_affected": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-12245",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12245"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-12245",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12245"
},
{
"category": "external",
"summary": "CVE-2020-12245",
"url": "https://access.redhat.com/security/cve/CVE-2020-12245"
},
{
"category": "external",
"summary": "bz#1848643: CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848643"
}
],
"release_date": "2020-04-23T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0"
],
"url": "https://access.redhat.com/errata/RHSA-2020:4298"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-25T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip"
},
{
"cve": "CVE-2020-13822",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2020-06-04T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1848647"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "The Elliptic for Node.js allows ECDSA signature malleability via variations in encoding, leading \u0027\\0\u0027 bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0"
],
"known_not_affected": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-13822",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13822"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13822",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13822"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-ELLIPTIC-571484",
"url": "https://snyk.io/vuln/SNYK-JS-ELLIPTIC-571484"
},
{
"category": "external",
"summary": "CVE-2020-13822",
"url": "https://access.redhat.com/security/cve/CVE-2020-13822"
},
{
"category": "external",
"summary": "bz#1848647: CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848647"
}
],
"release_date": "2020-06-01T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0"
],
"url": "https://access.redhat.com/errata/RHSA-2020:4298"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-04T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures"
},
{
"cve": "CVE-2020-14040",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2020-06-17T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. If an attacker is able to supply specific characters or strings to the vulnerable application, there is the potential to cause an infinite loop to occur using more memory, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
],
"known_not_affected": [
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/39491",
"url": "https://github.com/golang/go/issues/39491"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0",
"url": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0"
},
{
"category": "external",
"summary": "CVE-2020-14040",
"url": "https://access.redhat.com/security/cve/CVE-2020-14040"
},
{
"category": "external",
"summary": "bz#1853652: CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652"
}
],
"release_date": "2020-06-17T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
],
"url": "https://access.redhat.com/errata/RHSA-2020:4298"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash"
},
{
"acknowledgments": [
{
"names": [
"Yuval Kashtan"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-14336",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2020-06-25T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1858981"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openshift: restricted SCC allows pods to craft custom network packets",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0"
],
"known_not_affected": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14336",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14336"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14336",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14336"
},
{
"category": "external",
"summary": "CVE-2020-14336",
"url": "https://access.redhat.com/security/cve/CVE-2020-14336"
},
{
"category": "external",
"summary": "bz#1858981: CVE-2020-14336 openshift: restricted SCC allows pods to craft custom network packets",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1858981"
}
],
"release_date": "2020-07-13T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0"
],
"url": "https://access.redhat.com/errata/RHSA-2020:4298"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-25T00:00:00Z",
"details": "Low"
}
],
"title": "CVE-2020-14336 openshift: restricted SCC allows pods to craft custom network packets"
},
{
"cve": "CVE-2020-15366",
"cwe": {
"id": "CWE-471",
"name": "Modification of Assumed-Immutable Data (MAID)"
},
"discovery_date": "2020-07-15T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1857977"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0"
],
"known_not_affected": [
"8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-aws-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-azure-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-machine-controllers:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-baremetal-runtimecfg-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli-artifacts:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cli:v4.6.0-202010080605.p0",
"8Base-RHOSE-4.6:openshift4/ose-cloud-credential-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-authentication-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-autoscaler:v4.6.0-202009291152.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-config-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-dns-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-etcd-rhel8-operator:v4.6.0-202010062159.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-image-registry-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-apiserver-operator:v4.6.0-202010090300.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-controller-manager-operator:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-scheduler-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-machine-approver:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-apiserver-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-openshift-controller-manager-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-policy-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-samples-operator:v4.6.0-202009290409.p0",
"8Base-RHOSE-4.6:openshift4/ose-cluster-storage-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-console-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-coredns:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-attacher:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-resizer:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-external-snapshotter:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-livenessprobe:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-node-driver-registrar:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-csi-snapshot-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-builder:v4.6.0-202010120952.p0",
"8Base-RHOSE-4.6:openshift4/ose-docker-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-etcd:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-gcp-machine-controllers-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-grafana:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-hyperkube:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-installer:v4.6.0-202010081843.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-kube-storage-version-migrator-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-machine-config-operator:v4.6.0-202010220220.p0",
"8Base-RHOSE-4.6:openshift4/ose-mdns-publisher-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-admission-controller:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-cni:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-route-override-cni-rhel8:v4.6.0-202010012244.p0",
"8Base-RHOSE-4.6:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.6.0-202010011936.p0",
"8Base-RHOSE-4.6:openshift4/ose-network-metrics-daemon-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-oauth-proxy:v4.6.0-202010010929.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-apiserver-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-openshift-controller-manager-rhel8:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-lifecycle-manager:v4.6.0-202010130555.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-marketplace:v4.6.0-202010081538.p0",
"8Base-RHOSE-4.6:openshift4/ose-operator-registry:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-service-ca-operator:v4.6.0-202010061132.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202010200139.p0",
"8Base-RHOSE-4.6:openshift4/ose-tests:v4.6.0-202010120952.p0"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-15366",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15366"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15366",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15366"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-AJV-584908",
"url": "https://snyk.io/vuln/SNYK-JS-AJV-584908"
},
{
"category": "external",
"summary": "CVE-2020-15366",
"url": "https://access.redhat.com/security/cve/CVE-2020-15366"
},
{
"category": "external",
"summary": "bz#1857977: CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857977"
}
],
"release_date": "2020-07-04T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0"
],
"url": "https://access.redhat.com/errata/RHSA-2020:4298"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.6:openshift4/ose-console:v4.6.0-202010100121.p0",
"8Base-RHOSE-4.6:openshift4/ose-prometheus:v4.6.0-202009290409.p0"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-15T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function"
}
]
}
ghsa-qr9q-882c-gv4j
Vulnerability from github
Published
2022-05-24 19:03
Modified
2023-02-02 21:33
Severity
Details
A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat from this vulnerability is to system availability.
{
"affected": [],
"aliases": [
"CVE-2020-14336"
],
"database_specific": {
"cwe_ids": [
"CWE-770"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-02T12:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat from this vulnerability is to system availability.",
"id": "GHSA-qr9q-882c-gv4j",
"modified": "2023-02-02T21:33:41Z",
"published": "2022-05-24T19:03:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14336"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:4298"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:4320"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2020-14336"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1858981"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Loading...