Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-26301
Vulnerability from cvelistv5
Published
2021-09-20 19:40
Modified
2024-08-04 15:56
Severity ?
EPSS score ?
Summary
ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/mscdex/ssh2/commit/f763271f41320e71d5cbee02ea5bc6a2ded3ca21 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://securitylab.github.com/advisories/GHSL-2020-123-mscdex-ssh2/ | Exploit, Patch, Third Party Advisory | |
| security-advisories@github.com | https://www.npmjs.com/package/ssh2 | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mscdex/ssh2/commit/f763271f41320e71d5cbee02ea5bc6a2ded3ca21 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://securitylab.github.com/advisories/GHSL-2020-123-mscdex-ssh2/ | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.npmjs.com/package/ssh2 | Product, Third Party Advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:04.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mscdex/ssh2/commit/f763271f41320e71d5cbee02ea5bc6a2ded3ca21"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2020-123-mscdex-ssh2/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.npmjs.com/package/ssh2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ssh2",
"vendor": "mscdex",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-20T19:40:12",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mscdex/ssh2/commit/f763271f41320e71d5cbee02ea5bc6a2ded3ca21"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2020-123-mscdex-ssh2/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.npmjs.com/package/ssh2"
}
],
"source": {
"advisory": "GHSL-2020-123",
"discovery": "INTERNAL"
},
"title": "Command injection in mscdex/ssh2",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-26301",
"STATE": "PUBLIC",
"TITLE": "Command injection in mscdex/ssh2"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ssh2",
"version": {
"version_data": [
{
"version_value": "\u003c 1.4.0"
}
]
}
}
]
},
"vendor_name": "mscdex"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mscdex/ssh2/commit/f763271f41320e71d5cbee02ea5bc6a2ded3ca21",
"refsource": "MISC",
"url": "https://github.com/mscdex/ssh2/commit/f763271f41320e71d5cbee02ea5bc6a2ded3ca21"
},
{
"name": "https://securitylab.github.com/advisories/GHSL-2020-123-mscdex-ssh2/",
"refsource": "CONFIRM",
"url": "https://securitylab.github.com/advisories/GHSL-2020-123-mscdex-ssh2/"
},
{
"name": "https://www.npmjs.com/package/ssh2",
"refsource": "MISC",
"url": "https://www.npmjs.com/package/ssh2"
}
]
},
"source": {
"advisory": "GHSL-2020-123",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-26301",
"datePublished": "2021-09-20T19:40:12",
"dateReserved": "2020-10-01T00:00:00",
"dateUpdated": "2024-08-04T15:56:04.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ssh2_project:ssh2:*:*:*:*:*:node.js:*:*\", \"versionEndExcluding\": \"1.4.0\", \"matchCriteriaId\": \"9A046B48-27ED-41C9-876A-07D1CC226B4A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0.\"}, {\"lang\": \"es\", \"value\": \"ssh2 es un m\\u00f3dulo cliente y servidor escrito en JavaScript puro para node.js. En ssh2 versiones anteriores a 1.4.0, se presenta una vulnerabilidad de inyecci\\u00f3n de comandos. El problema s\\u00f3lo se presenta en Windows. Este problema puede conllevar una ejecuci\\u00f3n de c\\u00f3digo remota si un cliente de la biblioteca llama al m\\u00e9todo vulnerable con una entrada no fiable. Esto es corregido en la versi\\u00f3n 1.4.0\"}]",
"id": "CVE-2020-26301",
"lastModified": "2024-11-21T05:19:48.493",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 4.7}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 10.0, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 6.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2021-09-20T20:15:11.513",
"references": "[{\"url\": \"https://github.com/mscdex/ssh2/commit/f763271f41320e71d5cbee02ea5bc6a2ded3ca21\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://securitylab.github.com/advisories/GHSL-2020-123-mscdex-ssh2/\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.npmjs.com/package/ssh2\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Product\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/mscdex/ssh2/commit/f763271f41320e71d5cbee02ea5bc6a2ded3ca21\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://securitylab.github.com/advisories/GHSL-2020-123-mscdex-ssh2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.npmjs.com/package/ssh2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-26301\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2021-09-20T20:15:11.513\",\"lastModified\":\"2024-11-21T05:19:48.493\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0.\"},{\"lang\":\"es\",\"value\":\"ssh2 es un m\u00f3dulo cliente y servidor escrito en JavaScript puro para node.js. En ssh2 versiones anteriores a 1.4.0, se presenta una vulnerabilidad de inyecci\u00f3n de comandos. El problema s\u00f3lo se presenta en Windows. Este problema puede conllevar una ejecuci\u00f3n de c\u00f3digo remota si un cliente de la biblioteca llama al m\u00e9todo vulnerable con una entrada no fiable. Esto es corregido en la versi\u00f3n 1.4.0\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":4.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ssh2_project:ssh2:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"1.4.0\",\"matchCriteriaId\":\"9A046B48-27ED-41C9-876A-07D1CC226B4A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://github.com/mscdex/ssh2/commit/f763271f41320e71d5cbee02ea5bc6a2ded3ca21\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://securitylab.github.com/advisories/GHSL-2020-123-mscdex-ssh2/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.npmjs.com/package/ssh2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/mscdex/ssh2/commit/f763271f41320e71d5cbee02ea5bc6a2ded3ca21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://securitylab.github.com/advisories/GHSL-2020-123-mscdex-ssh2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.npmjs.com/package/ssh2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Third Party Advisory\"]}]}}"
}
}
rhsa-2021_4845
Vulnerability from csaf_redhat
Published
2021-11-29 13:24
Modified
2024-11-22 17:53
Summary
Red Hat Security Advisory: Red Hat OpenShift Container Storage 4.8.5 Security and Bug Fix Update
Notes
Topic
An update is now available for Red Hat OpenShift Container Storage 4.8.5 on Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Storage is software-defined storage integrated
with and optimized for the Red Hat OpenShift Container Platform.
Red Hat OpenShift Container Storage is highly scalable, production-grade
persistent storage for stateful applications running in the Red Hat
OpenShift Container Platform. In addition to persistent storage, Red Hat
OpenShift Container Storage provides a multicloud data management service
with an S3 compatible API.
Security Fix(es):
* nodejs-ssh2: Command injection by calling vulnerable method with
untrusted input (CVE-2020-26301)
For more details about the security issue(s), including the impact, a
CVSS score, acknowledgments, and other related information, refer to
the CVE page(s) listed in the References section.
Bug Fix(es):
* Previously, when the namespace store target was deleted, no alert was
sent to the namespace bucket because of an issue in calculating the
namespace bucket health. With this update, the issue in calculating the
namespace bucket health is fixed and alerts are triggered as expected.
(BZ#1993873)
* Previously, the Multicloud Object Gateway (MCG) components performed
slowly and there was a lot of pressure on the MCG components due to
non-optimized database queries. With this update the non-optimized
database queries are fixed which reduces the compute resources and time
taken for queries. (BZ#2015939)
Red Hat recommends that all users of OpenShift Container Storage apply this update to fix these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Container Storage 4.8.5 on Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Storage is software-defined storage integrated\nwith and optimized for the Red Hat OpenShift Container Platform.\nRed Hat OpenShift Container Storage is highly scalable, production-grade\npersistent storage for stateful applications running in the Red Hat\nOpenShift Container Platform. In addition to persistent storage, Red Hat\nOpenShift Container Storage provides a multicloud data management service\nwith an S3 compatible API.\n\nSecurity Fix(es):\n\n* nodejs-ssh2: Command injection by calling vulnerable method with\nuntrusted input (CVE-2020-26301)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Previously, when the namespace store target was deleted, no alert was\nsent to the namespace bucket because of an issue in calculating the\nnamespace bucket health. With this update, the issue in calculating the\nnamespace bucket health is fixed and alerts are triggered as expected.\n(BZ#1993873)\n\n* Previously, the Multicloud Object Gateway (MCG) components performed\nslowly and there was a lot of pressure on the MCG components due to\nnon-optimized database queries. With this update the non-optimized\ndatabase queries are fixed which reduces the compute resources and time\ntaken for queries. (BZ#2015939)\n\nRed Hat recommends that all users of OpenShift Container Storage apply this update to fix these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:4845",
"url": "https://access.redhat.com/errata/RHSA-2021:4845"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1993873",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1993873"
},
{
"category": "external",
"summary": "2006958",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006958"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4845.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Container Storage 4.8.5 Security and Bug Fix Update",
"tracking": {
"current_release_date": "2024-11-22T17:53:16+00:00",
"generator": {
"date": "2024-11-22T17:53:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2021:4845",
"initial_release_date": "2021-11-29T13:24:40+00:00",
"revision_history": [
{
"date": "2021-11-29T13:24:40+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-11-29T13:24:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T17:53:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product": {
"name": "Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_container_storage:4.8::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Container Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "ocs4/cephcsi-rhel8@sha256:9847850dd6cb4526b63e964a44df52968a2377964c3b5535fca82a75b58a3e49_amd64",
"product": {
"name": "ocs4/cephcsi-rhel8@sha256:9847850dd6cb4526b63e964a44df52968a2377964c3b5535fca82a75b58a3e49_amd64",
"product_id": "ocs4/cephcsi-rhel8@sha256:9847850dd6cb4526b63e964a44df52968a2377964c3b5535fca82a75b58a3e49_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:9847850dd6cb4526b63e964a44df52968a2377964c3b5535fca82a75b58a3e49?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/cephcsi-rhel8\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-core-rhel8@sha256:afc714048ba7bb0548ae2ca622c9e0c5c350d9e06a8c4d0f9418821dfb44c952_amd64",
"product": {
"name": "ocs4/mcg-core-rhel8@sha256:afc714048ba7bb0548ae2ca622c9e0c5c350d9e06a8c4d0f9418821dfb44c952_amd64",
"product_id": "ocs4/mcg-core-rhel8@sha256:afc714048ba7bb0548ae2ca622c9e0c5c350d9e06a8c4d0f9418821dfb44c952_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:afc714048ba7bb0548ae2ca622c9e0c5c350d9e06a8c4d0f9418821dfb44c952?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/mcg-core-rhel8\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-rhel8-operator@sha256:6e5e21dd36690fa1b5712899af2e2b5a402f326fc8ef8c941c708941f057ea47_amd64",
"product": {
"name": "ocs4/mcg-rhel8-operator@sha256:6e5e21dd36690fa1b5712899af2e2b5a402f326fc8ef8c941c708941f057ea47_amd64",
"product_id": "ocs4/mcg-rhel8-operator@sha256:6e5e21dd36690fa1b5712899af2e2b5a402f326fc8ef8c941c708941f057ea47_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:6e5e21dd36690fa1b5712899af2e2b5a402f326fc8ef8c941c708941f057ea47?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/mcg-rhel8-operator\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-must-gather-rhel8@sha256:fdfff315003fc26f0e3d658ef2dcd9c1170e86edc19b82167cc7337bf66073ac_amd64",
"product": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:fdfff315003fc26f0e3d658ef2dcd9c1170e86edc19b82167cc7337bf66073ac_amd64",
"product_id": "ocs4/ocs-must-gather-rhel8@sha256:fdfff315003fc26f0e3d658ef2dcd9c1170e86edc19b82167cc7337bf66073ac_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:fdfff315003fc26f0e3d658ef2dcd9c1170e86edc19b82167cc7337bf66073ac?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/ocs-must-gather-rhel8\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-operator-bundle@sha256:bb2bb0ff78e1907d076e6bbc6be8334a01564ccc8a8759940b3dc22a21806480_amd64",
"product": {
"name": "ocs4/ocs-operator-bundle@sha256:bb2bb0ff78e1907d076e6bbc6be8334a01564ccc8a8759940b3dc22a21806480_amd64",
"product_id": "ocs4/ocs-operator-bundle@sha256:bb2bb0ff78e1907d076e6bbc6be8334a01564ccc8a8759940b3dc22a21806480_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:bb2bb0ff78e1907d076e6bbc6be8334a01564ccc8a8759940b3dc22a21806480?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/ocs-operator-bundle\u0026tag=v4.8.5-2"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-rhel8-operator@sha256:55ff36cb2997f4c0f8577cf01269b1ee07f48be9919f956ca19b98232c8f80fa_amd64",
"product": {
"name": "ocs4/ocs-rhel8-operator@sha256:55ff36cb2997f4c0f8577cf01269b1ee07f48be9919f956ca19b98232c8f80fa_amd64",
"product_id": "ocs4/ocs-rhel8-operator@sha256:55ff36cb2997f4c0f8577cf01269b1ee07f48be9919f956ca19b98232c8f80fa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:55ff36cb2997f4c0f8577cf01269b1ee07f48be9919f956ca19b98232c8f80fa?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/ocs-rhel8-operator\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/rook-ceph-rhel8-operator@sha256:510ae280b26fd8c80d4ecf067e6cf45bfd3fa60ff02755f184a9fd3af84f5803_amd64",
"product": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:510ae280b26fd8c80d4ecf067e6cf45bfd3fa60ff02755f184a9fd3af84f5803_amd64",
"product_id": "ocs4/rook-ceph-rhel8-operator@sha256:510ae280b26fd8c80d4ecf067e6cf45bfd3fa60ff02755f184a9fd3af84f5803_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:510ae280b26fd8c80d4ecf067e6cf45bfd3fa60ff02755f184a9fd3af84f5803?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/rook-ceph-rhel8-operator\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/volume-replication-rhel8-operator@sha256:8cee9ae2918bda1c7c54f13ab04e2c97f7647ab63e213009000064d1b2f2620b_amd64",
"product": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:8cee9ae2918bda1c7c54f13ab04e2c97f7647ab63e213009000064d1b2f2620b_amd64",
"product_id": "ocs4/volume-replication-rhel8-operator@sha256:8cee9ae2918bda1c7c54f13ab04e2c97f7647ab63e213009000064d1b2f2620b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/volume-replication-rhel8-operator@sha256:8cee9ae2918bda1c7c54f13ab04e2c97f7647ab63e213009000064d1b2f2620b?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/volume-replication-rhel8-operator\u0026tag=v4.8.5-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "ocs4/cephcsi-rhel8@sha256:68e729386a00aa7a72df0f39ef4c9883afd27b6c8467bc0315f5819b8acb2aca_s390x",
"product": {
"name": "ocs4/cephcsi-rhel8@sha256:68e729386a00aa7a72df0f39ef4c9883afd27b6c8467bc0315f5819b8acb2aca_s390x",
"product_id": "ocs4/cephcsi-rhel8@sha256:68e729386a00aa7a72df0f39ef4c9883afd27b6c8467bc0315f5819b8acb2aca_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:68e729386a00aa7a72df0f39ef4c9883afd27b6c8467bc0315f5819b8acb2aca?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/cephcsi-rhel8\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-core-rhel8@sha256:3ee72d4b1bcf14be1667f074c23b973c9d7c28e9383fff1b9ce31b72522c8c90_s390x",
"product": {
"name": "ocs4/mcg-core-rhel8@sha256:3ee72d4b1bcf14be1667f074c23b973c9d7c28e9383fff1b9ce31b72522c8c90_s390x",
"product_id": "ocs4/mcg-core-rhel8@sha256:3ee72d4b1bcf14be1667f074c23b973c9d7c28e9383fff1b9ce31b72522c8c90_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:3ee72d4b1bcf14be1667f074c23b973c9d7c28e9383fff1b9ce31b72522c8c90?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/mcg-core-rhel8\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-rhel8-operator@sha256:43305259b7d78624c9b0ff72bfeea6a7b26c61b71bac9a80cf5e90a18dd22b4d_s390x",
"product": {
"name": "ocs4/mcg-rhel8-operator@sha256:43305259b7d78624c9b0ff72bfeea6a7b26c61b71bac9a80cf5e90a18dd22b4d_s390x",
"product_id": "ocs4/mcg-rhel8-operator@sha256:43305259b7d78624c9b0ff72bfeea6a7b26c61b71bac9a80cf5e90a18dd22b4d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:43305259b7d78624c9b0ff72bfeea6a7b26c61b71bac9a80cf5e90a18dd22b4d?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/mcg-rhel8-operator\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-must-gather-rhel8@sha256:10cca274f71b89fb078a832cb17a2986b67db048eb415970359f0ec53251701a_s390x",
"product": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:10cca274f71b89fb078a832cb17a2986b67db048eb415970359f0ec53251701a_s390x",
"product_id": "ocs4/ocs-must-gather-rhel8@sha256:10cca274f71b89fb078a832cb17a2986b67db048eb415970359f0ec53251701a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:10cca274f71b89fb078a832cb17a2986b67db048eb415970359f0ec53251701a?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/ocs-must-gather-rhel8\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-operator-bundle@sha256:b8c1d24ad2dd16318c181e367afe3e32c3066e8ef42d995fe8826c365f6f6c30_s390x",
"product": {
"name": "ocs4/ocs-operator-bundle@sha256:b8c1d24ad2dd16318c181e367afe3e32c3066e8ef42d995fe8826c365f6f6c30_s390x",
"product_id": "ocs4/ocs-operator-bundle@sha256:b8c1d24ad2dd16318c181e367afe3e32c3066e8ef42d995fe8826c365f6f6c30_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:b8c1d24ad2dd16318c181e367afe3e32c3066e8ef42d995fe8826c365f6f6c30?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/ocs-operator-bundle\u0026tag=v4.8.5-2"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-rhel8-operator@sha256:9bd7d60037241e67bd5851ec2314a9c4a6ab0f3535c95b9343254cca948f99fb_s390x",
"product": {
"name": "ocs4/ocs-rhel8-operator@sha256:9bd7d60037241e67bd5851ec2314a9c4a6ab0f3535c95b9343254cca948f99fb_s390x",
"product_id": "ocs4/ocs-rhel8-operator@sha256:9bd7d60037241e67bd5851ec2314a9c4a6ab0f3535c95b9343254cca948f99fb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:9bd7d60037241e67bd5851ec2314a9c4a6ab0f3535c95b9343254cca948f99fb?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/ocs-rhel8-operator\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/rook-ceph-rhel8-operator@sha256:16a37a40f4748821032a5f46dc13088572883bd68e97ca52f34a5ed6fe866721_s390x",
"product": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:16a37a40f4748821032a5f46dc13088572883bd68e97ca52f34a5ed6fe866721_s390x",
"product_id": "ocs4/rook-ceph-rhel8-operator@sha256:16a37a40f4748821032a5f46dc13088572883bd68e97ca52f34a5ed6fe866721_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:16a37a40f4748821032a5f46dc13088572883bd68e97ca52f34a5ed6fe866721?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/rook-ceph-rhel8-operator\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/volume-replication-rhel8-operator@sha256:e4b29d0a61df79ddf4a9b83b51841ce6a0752280844e7fe925fdda208abe1d5d_s390x",
"product": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:e4b29d0a61df79ddf4a9b83b51841ce6a0752280844e7fe925fdda208abe1d5d_s390x",
"product_id": "ocs4/volume-replication-rhel8-operator@sha256:e4b29d0a61df79ddf4a9b83b51841ce6a0752280844e7fe925fdda208abe1d5d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/volume-replication-rhel8-operator@sha256:e4b29d0a61df79ddf4a9b83b51841ce6a0752280844e7fe925fdda208abe1d5d?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/volume-replication-rhel8-operator\u0026tag=v4.8.5-1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ocs4/cephcsi-rhel8@sha256:4ea3fd6255de9599012265cb872d90635afa34c5e7e23381705094d121008f81_ppc64le",
"product": {
"name": "ocs4/cephcsi-rhel8@sha256:4ea3fd6255de9599012265cb872d90635afa34c5e7e23381705094d121008f81_ppc64le",
"product_id": "ocs4/cephcsi-rhel8@sha256:4ea3fd6255de9599012265cb872d90635afa34c5e7e23381705094d121008f81_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:4ea3fd6255de9599012265cb872d90635afa34c5e7e23381705094d121008f81?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/cephcsi-rhel8\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-core-rhel8@sha256:93e5e2edf30dc154487b8139f87db3db326bf1ad264ed3ea55a0267243462d65_ppc64le",
"product": {
"name": "ocs4/mcg-core-rhel8@sha256:93e5e2edf30dc154487b8139f87db3db326bf1ad264ed3ea55a0267243462d65_ppc64le",
"product_id": "ocs4/mcg-core-rhel8@sha256:93e5e2edf30dc154487b8139f87db3db326bf1ad264ed3ea55a0267243462d65_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:93e5e2edf30dc154487b8139f87db3db326bf1ad264ed3ea55a0267243462d65?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/mcg-core-rhel8\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-rhel8-operator@sha256:2c061f8784af676fa7bf65a8d908a87f179e58adae06b3ed6c62be82898601ad_ppc64le",
"product": {
"name": "ocs4/mcg-rhel8-operator@sha256:2c061f8784af676fa7bf65a8d908a87f179e58adae06b3ed6c62be82898601ad_ppc64le",
"product_id": "ocs4/mcg-rhel8-operator@sha256:2c061f8784af676fa7bf65a8d908a87f179e58adae06b3ed6c62be82898601ad_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:2c061f8784af676fa7bf65a8d908a87f179e58adae06b3ed6c62be82898601ad?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/mcg-rhel8-operator\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-must-gather-rhel8@sha256:210d1925e2b0e9aed7f493adbd826cf160960e3fb495d594f1936526475f676d_ppc64le",
"product": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:210d1925e2b0e9aed7f493adbd826cf160960e3fb495d594f1936526475f676d_ppc64le",
"product_id": "ocs4/ocs-must-gather-rhel8@sha256:210d1925e2b0e9aed7f493adbd826cf160960e3fb495d594f1936526475f676d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:210d1925e2b0e9aed7f493adbd826cf160960e3fb495d594f1936526475f676d?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/ocs-must-gather-rhel8\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-operator-bundle@sha256:a53d78d089e6dacf11f30aad03664271a0d28dd7b27f5f53ac3579c1521d2859_ppc64le",
"product": {
"name": "ocs4/ocs-operator-bundle@sha256:a53d78d089e6dacf11f30aad03664271a0d28dd7b27f5f53ac3579c1521d2859_ppc64le",
"product_id": "ocs4/ocs-operator-bundle@sha256:a53d78d089e6dacf11f30aad03664271a0d28dd7b27f5f53ac3579c1521d2859_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:a53d78d089e6dacf11f30aad03664271a0d28dd7b27f5f53ac3579c1521d2859?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/ocs-operator-bundle\u0026tag=v4.8.5-2"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-rhel8-operator@sha256:4c5a84f576df02e526ae4dd5bc9756919b0c6c52c0a14fb88025403cf1fa0be8_ppc64le",
"product": {
"name": "ocs4/ocs-rhel8-operator@sha256:4c5a84f576df02e526ae4dd5bc9756919b0c6c52c0a14fb88025403cf1fa0be8_ppc64le",
"product_id": "ocs4/ocs-rhel8-operator@sha256:4c5a84f576df02e526ae4dd5bc9756919b0c6c52c0a14fb88025403cf1fa0be8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:4c5a84f576df02e526ae4dd5bc9756919b0c6c52c0a14fb88025403cf1fa0be8?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/ocs-rhel8-operator\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/rook-ceph-rhel8-operator@sha256:ca16ca4107aa91a40d0d1ab91352968a014a0eac1a02b680cca5730e7f261f6e_ppc64le",
"product": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:ca16ca4107aa91a40d0d1ab91352968a014a0eac1a02b680cca5730e7f261f6e_ppc64le",
"product_id": "ocs4/rook-ceph-rhel8-operator@sha256:ca16ca4107aa91a40d0d1ab91352968a014a0eac1a02b680cca5730e7f261f6e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:ca16ca4107aa91a40d0d1ab91352968a014a0eac1a02b680cca5730e7f261f6e?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/rook-ceph-rhel8-operator\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/volume-replication-rhel8-operator@sha256:27d96c0f0f138e4703215212b109763488524003e4ceda60e47705c94cf750c6_ppc64le",
"product": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:27d96c0f0f138e4703215212b109763488524003e4ceda60e47705c94cf750c6_ppc64le",
"product_id": "ocs4/volume-replication-rhel8-operator@sha256:27d96c0f0f138e4703215212b109763488524003e4ceda60e47705c94cf750c6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/volume-replication-rhel8-operator@sha256:27d96c0f0f138e4703215212b109763488524003e4ceda60e47705c94cf750c6?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/volume-replication-rhel8-operator\u0026tag=v4.8.5-1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/cephcsi-rhel8@sha256:4ea3fd6255de9599012265cb872d90635afa34c5e7e23381705094d121008f81_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:4ea3fd6255de9599012265cb872d90635afa34c5e7e23381705094d121008f81_ppc64le"
},
"product_reference": "ocs4/cephcsi-rhel8@sha256:4ea3fd6255de9599012265cb872d90635afa34c5e7e23381705094d121008f81_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/cephcsi-rhel8@sha256:68e729386a00aa7a72df0f39ef4c9883afd27b6c8467bc0315f5819b8acb2aca_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:68e729386a00aa7a72df0f39ef4c9883afd27b6c8467bc0315f5819b8acb2aca_s390x"
},
"product_reference": "ocs4/cephcsi-rhel8@sha256:68e729386a00aa7a72df0f39ef4c9883afd27b6c8467bc0315f5819b8acb2aca_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/cephcsi-rhel8@sha256:9847850dd6cb4526b63e964a44df52968a2377964c3b5535fca82a75b58a3e49_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:9847850dd6cb4526b63e964a44df52968a2377964c3b5535fca82a75b58a3e49_amd64"
},
"product_reference": "ocs4/cephcsi-rhel8@sha256:9847850dd6cb4526b63e964a44df52968a2377964c3b5535fca82a75b58a3e49_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-core-rhel8@sha256:3ee72d4b1bcf14be1667f074c23b973c9d7c28e9383fff1b9ce31b72522c8c90_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3ee72d4b1bcf14be1667f074c23b973c9d7c28e9383fff1b9ce31b72522c8c90_s390x"
},
"product_reference": "ocs4/mcg-core-rhel8@sha256:3ee72d4b1bcf14be1667f074c23b973c9d7c28e9383fff1b9ce31b72522c8c90_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-core-rhel8@sha256:93e5e2edf30dc154487b8139f87db3db326bf1ad264ed3ea55a0267243462d65_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:93e5e2edf30dc154487b8139f87db3db326bf1ad264ed3ea55a0267243462d65_ppc64le"
},
"product_reference": "ocs4/mcg-core-rhel8@sha256:93e5e2edf30dc154487b8139f87db3db326bf1ad264ed3ea55a0267243462d65_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-core-rhel8@sha256:afc714048ba7bb0548ae2ca622c9e0c5c350d9e06a8c4d0f9418821dfb44c952_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:afc714048ba7bb0548ae2ca622c9e0c5c350d9e06a8c4d0f9418821dfb44c952_amd64"
},
"product_reference": "ocs4/mcg-core-rhel8@sha256:afc714048ba7bb0548ae2ca622c9e0c5c350d9e06a8c4d0f9418821dfb44c952_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-rhel8-operator@sha256:2c061f8784af676fa7bf65a8d908a87f179e58adae06b3ed6c62be82898601ad_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:2c061f8784af676fa7bf65a8d908a87f179e58adae06b3ed6c62be82898601ad_ppc64le"
},
"product_reference": "ocs4/mcg-rhel8-operator@sha256:2c061f8784af676fa7bf65a8d908a87f179e58adae06b3ed6c62be82898601ad_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-rhel8-operator@sha256:43305259b7d78624c9b0ff72bfeea6a7b26c61b71bac9a80cf5e90a18dd22b4d_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:43305259b7d78624c9b0ff72bfeea6a7b26c61b71bac9a80cf5e90a18dd22b4d_s390x"
},
"product_reference": "ocs4/mcg-rhel8-operator@sha256:43305259b7d78624c9b0ff72bfeea6a7b26c61b71bac9a80cf5e90a18dd22b4d_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-rhel8-operator@sha256:6e5e21dd36690fa1b5712899af2e2b5a402f326fc8ef8c941c708941f057ea47_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:6e5e21dd36690fa1b5712899af2e2b5a402f326fc8ef8c941c708941f057ea47_amd64"
},
"product_reference": "ocs4/mcg-rhel8-operator@sha256:6e5e21dd36690fa1b5712899af2e2b5a402f326fc8ef8c941c708941f057ea47_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:10cca274f71b89fb078a832cb17a2986b67db048eb415970359f0ec53251701a_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:10cca274f71b89fb078a832cb17a2986b67db048eb415970359f0ec53251701a_s390x"
},
"product_reference": "ocs4/ocs-must-gather-rhel8@sha256:10cca274f71b89fb078a832cb17a2986b67db048eb415970359f0ec53251701a_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:210d1925e2b0e9aed7f493adbd826cf160960e3fb495d594f1936526475f676d_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:210d1925e2b0e9aed7f493adbd826cf160960e3fb495d594f1936526475f676d_ppc64le"
},
"product_reference": "ocs4/ocs-must-gather-rhel8@sha256:210d1925e2b0e9aed7f493adbd826cf160960e3fb495d594f1936526475f676d_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:fdfff315003fc26f0e3d658ef2dcd9c1170e86edc19b82167cc7337bf66073ac_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:fdfff315003fc26f0e3d658ef2dcd9c1170e86edc19b82167cc7337bf66073ac_amd64"
},
"product_reference": "ocs4/ocs-must-gather-rhel8@sha256:fdfff315003fc26f0e3d658ef2dcd9c1170e86edc19b82167cc7337bf66073ac_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-operator-bundle@sha256:a53d78d089e6dacf11f30aad03664271a0d28dd7b27f5f53ac3579c1521d2859_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:a53d78d089e6dacf11f30aad03664271a0d28dd7b27f5f53ac3579c1521d2859_ppc64le"
},
"product_reference": "ocs4/ocs-operator-bundle@sha256:a53d78d089e6dacf11f30aad03664271a0d28dd7b27f5f53ac3579c1521d2859_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-operator-bundle@sha256:b8c1d24ad2dd16318c181e367afe3e32c3066e8ef42d995fe8826c365f6f6c30_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:b8c1d24ad2dd16318c181e367afe3e32c3066e8ef42d995fe8826c365f6f6c30_s390x"
},
"product_reference": "ocs4/ocs-operator-bundle@sha256:b8c1d24ad2dd16318c181e367afe3e32c3066e8ef42d995fe8826c365f6f6c30_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-operator-bundle@sha256:bb2bb0ff78e1907d076e6bbc6be8334a01564ccc8a8759940b3dc22a21806480_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:bb2bb0ff78e1907d076e6bbc6be8334a01564ccc8a8759940b3dc22a21806480_amd64"
},
"product_reference": "ocs4/ocs-operator-bundle@sha256:bb2bb0ff78e1907d076e6bbc6be8334a01564ccc8a8759940b3dc22a21806480_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-rhel8-operator@sha256:4c5a84f576df02e526ae4dd5bc9756919b0c6c52c0a14fb88025403cf1fa0be8_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:4c5a84f576df02e526ae4dd5bc9756919b0c6c52c0a14fb88025403cf1fa0be8_ppc64le"
},
"product_reference": "ocs4/ocs-rhel8-operator@sha256:4c5a84f576df02e526ae4dd5bc9756919b0c6c52c0a14fb88025403cf1fa0be8_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-rhel8-operator@sha256:55ff36cb2997f4c0f8577cf01269b1ee07f48be9919f956ca19b98232c8f80fa_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:55ff36cb2997f4c0f8577cf01269b1ee07f48be9919f956ca19b98232c8f80fa_amd64"
},
"product_reference": "ocs4/ocs-rhel8-operator@sha256:55ff36cb2997f4c0f8577cf01269b1ee07f48be9919f956ca19b98232c8f80fa_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-rhel8-operator@sha256:9bd7d60037241e67bd5851ec2314a9c4a6ab0f3535c95b9343254cca948f99fb_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:9bd7d60037241e67bd5851ec2314a9c4a6ab0f3535c95b9343254cca948f99fb_s390x"
},
"product_reference": "ocs4/ocs-rhel8-operator@sha256:9bd7d60037241e67bd5851ec2314a9c4a6ab0f3535c95b9343254cca948f99fb_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:16a37a40f4748821032a5f46dc13088572883bd68e97ca52f34a5ed6fe866721_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:16a37a40f4748821032a5f46dc13088572883bd68e97ca52f34a5ed6fe866721_s390x"
},
"product_reference": "ocs4/rook-ceph-rhel8-operator@sha256:16a37a40f4748821032a5f46dc13088572883bd68e97ca52f34a5ed6fe866721_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:510ae280b26fd8c80d4ecf067e6cf45bfd3fa60ff02755f184a9fd3af84f5803_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:510ae280b26fd8c80d4ecf067e6cf45bfd3fa60ff02755f184a9fd3af84f5803_amd64"
},
"product_reference": "ocs4/rook-ceph-rhel8-operator@sha256:510ae280b26fd8c80d4ecf067e6cf45bfd3fa60ff02755f184a9fd3af84f5803_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:ca16ca4107aa91a40d0d1ab91352968a014a0eac1a02b680cca5730e7f261f6e_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ca16ca4107aa91a40d0d1ab91352968a014a0eac1a02b680cca5730e7f261f6e_ppc64le"
},
"product_reference": "ocs4/rook-ceph-rhel8-operator@sha256:ca16ca4107aa91a40d0d1ab91352968a014a0eac1a02b680cca5730e7f261f6e_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:27d96c0f0f138e4703215212b109763488524003e4ceda60e47705c94cf750c6_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:27d96c0f0f138e4703215212b109763488524003e4ceda60e47705c94cf750c6_ppc64le"
},
"product_reference": "ocs4/volume-replication-rhel8-operator@sha256:27d96c0f0f138e4703215212b109763488524003e4ceda60e47705c94cf750c6_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:8cee9ae2918bda1c7c54f13ab04e2c97f7647ab63e213009000064d1b2f2620b_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:8cee9ae2918bda1c7c54f13ab04e2c97f7647ab63e213009000064d1b2f2620b_amd64"
},
"product_reference": "ocs4/volume-replication-rhel8-operator@sha256:8cee9ae2918bda1c7c54f13ab04e2c97f7647ab63e213009000064d1b2f2620b_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:e4b29d0a61df79ddf4a9b83b51841ce6a0752280844e7fe925fdda208abe1d5d_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:e4b29d0a61df79ddf4a9b83b51841ce6a0752280844e7fe925fdda208abe1d5d_s390x"
},
"product_reference": "ocs4/volume-replication-rhel8-operator@sha256:e4b29d0a61df79ddf4a9b83b51841ce6a0752280844e7fe925fdda208abe1d5d_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-26301",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2021-09-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2006958"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-ssh2. An OS command injection attack on Windows allows an attacker to perform remote code execution and potentially execute arbitrary code. The highest threat from this vulnerability is to confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-ssh2: Command injection by calling vulnerable method with untrusted input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects ssh2 as shipped with all versions of Red Hat Openshift Container Storage and Red Hat Openshift Data Foundations. However, this flaw requires a Windows based attack, and therefore, the impact is adjusted accordingly to a moderate risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:4ea3fd6255de9599012265cb872d90635afa34c5e7e23381705094d121008f81_ppc64le",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:68e729386a00aa7a72df0f39ef4c9883afd27b6c8467bc0315f5819b8acb2aca_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:9847850dd6cb4526b63e964a44df52968a2377964c3b5535fca82a75b58a3e49_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3ee72d4b1bcf14be1667f074c23b973c9d7c28e9383fff1b9ce31b72522c8c90_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:93e5e2edf30dc154487b8139f87db3db326bf1ad264ed3ea55a0267243462d65_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:afc714048ba7bb0548ae2ca622c9e0c5c350d9e06a8c4d0f9418821dfb44c952_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:2c061f8784af676fa7bf65a8d908a87f179e58adae06b3ed6c62be82898601ad_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:43305259b7d78624c9b0ff72bfeea6a7b26c61b71bac9a80cf5e90a18dd22b4d_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:6e5e21dd36690fa1b5712899af2e2b5a402f326fc8ef8c941c708941f057ea47_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:10cca274f71b89fb078a832cb17a2986b67db048eb415970359f0ec53251701a_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:210d1925e2b0e9aed7f493adbd826cf160960e3fb495d594f1936526475f676d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:fdfff315003fc26f0e3d658ef2dcd9c1170e86edc19b82167cc7337bf66073ac_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:a53d78d089e6dacf11f30aad03664271a0d28dd7b27f5f53ac3579c1521d2859_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:b8c1d24ad2dd16318c181e367afe3e32c3066e8ef42d995fe8826c365f6f6c30_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:bb2bb0ff78e1907d076e6bbc6be8334a01564ccc8a8759940b3dc22a21806480_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:4c5a84f576df02e526ae4dd5bc9756919b0c6c52c0a14fb88025403cf1fa0be8_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:55ff36cb2997f4c0f8577cf01269b1ee07f48be9919f956ca19b98232c8f80fa_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:9bd7d60037241e67bd5851ec2314a9c4a6ab0f3535c95b9343254cca948f99fb_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:16a37a40f4748821032a5f46dc13088572883bd68e97ca52f34a5ed6fe866721_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:510ae280b26fd8c80d4ecf067e6cf45bfd3fa60ff02755f184a9fd3af84f5803_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ca16ca4107aa91a40d0d1ab91352968a014a0eac1a02b680cca5730e7f261f6e_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:27d96c0f0f138e4703215212b109763488524003e4ceda60e47705c94cf750c6_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:8cee9ae2918bda1c7c54f13ab04e2c97f7647ab63e213009000064d1b2f2620b_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:e4b29d0a61df79ddf4a9b83b51841ce6a0752280844e7fe925fdda208abe1d5d_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26301"
},
{
"category": "external",
"summary": "RHBZ#2006958",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006958"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26301",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26301"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26301",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26301"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2020-123-mscdex-ssh2/",
"url": "https://securitylab.github.com/advisories/GHSL-2020-123-mscdex-ssh2/"
}
],
"release_date": "2021-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-29T13:24:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:4ea3fd6255de9599012265cb872d90635afa34c5e7e23381705094d121008f81_ppc64le",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:68e729386a00aa7a72df0f39ef4c9883afd27b6c8467bc0315f5819b8acb2aca_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:9847850dd6cb4526b63e964a44df52968a2377964c3b5535fca82a75b58a3e49_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3ee72d4b1bcf14be1667f074c23b973c9d7c28e9383fff1b9ce31b72522c8c90_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:93e5e2edf30dc154487b8139f87db3db326bf1ad264ed3ea55a0267243462d65_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:afc714048ba7bb0548ae2ca622c9e0c5c350d9e06a8c4d0f9418821dfb44c952_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:2c061f8784af676fa7bf65a8d908a87f179e58adae06b3ed6c62be82898601ad_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:43305259b7d78624c9b0ff72bfeea6a7b26c61b71bac9a80cf5e90a18dd22b4d_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:6e5e21dd36690fa1b5712899af2e2b5a402f326fc8ef8c941c708941f057ea47_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:10cca274f71b89fb078a832cb17a2986b67db048eb415970359f0ec53251701a_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:210d1925e2b0e9aed7f493adbd826cf160960e3fb495d594f1936526475f676d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:fdfff315003fc26f0e3d658ef2dcd9c1170e86edc19b82167cc7337bf66073ac_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:a53d78d089e6dacf11f30aad03664271a0d28dd7b27f5f53ac3579c1521d2859_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:b8c1d24ad2dd16318c181e367afe3e32c3066e8ef42d995fe8826c365f6f6c30_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:bb2bb0ff78e1907d076e6bbc6be8334a01564ccc8a8759940b3dc22a21806480_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:4c5a84f576df02e526ae4dd5bc9756919b0c6c52c0a14fb88025403cf1fa0be8_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:55ff36cb2997f4c0f8577cf01269b1ee07f48be9919f956ca19b98232c8f80fa_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:9bd7d60037241e67bd5851ec2314a9c4a6ab0f3535c95b9343254cca948f99fb_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:16a37a40f4748821032a5f46dc13088572883bd68e97ca52f34a5ed6fe866721_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:510ae280b26fd8c80d4ecf067e6cf45bfd3fa60ff02755f184a9fd3af84f5803_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ca16ca4107aa91a40d0d1ab91352968a014a0eac1a02b680cca5730e7f261f6e_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:27d96c0f0f138e4703215212b109763488524003e4ceda60e47705c94cf750c6_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:8cee9ae2918bda1c7c54f13ab04e2c97f7647ab63e213009000064d1b2f2620b_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:e4b29d0a61df79ddf4a9b83b51841ce6a0752280844e7fe925fdda208abe1d5d_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4845"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:4ea3fd6255de9599012265cb872d90635afa34c5e7e23381705094d121008f81_ppc64le",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:68e729386a00aa7a72df0f39ef4c9883afd27b6c8467bc0315f5819b8acb2aca_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:9847850dd6cb4526b63e964a44df52968a2377964c3b5535fca82a75b58a3e49_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3ee72d4b1bcf14be1667f074c23b973c9d7c28e9383fff1b9ce31b72522c8c90_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:93e5e2edf30dc154487b8139f87db3db326bf1ad264ed3ea55a0267243462d65_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:afc714048ba7bb0548ae2ca622c9e0c5c350d9e06a8c4d0f9418821dfb44c952_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:2c061f8784af676fa7bf65a8d908a87f179e58adae06b3ed6c62be82898601ad_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:43305259b7d78624c9b0ff72bfeea6a7b26c61b71bac9a80cf5e90a18dd22b4d_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:6e5e21dd36690fa1b5712899af2e2b5a402f326fc8ef8c941c708941f057ea47_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:10cca274f71b89fb078a832cb17a2986b67db048eb415970359f0ec53251701a_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:210d1925e2b0e9aed7f493adbd826cf160960e3fb495d594f1936526475f676d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:fdfff315003fc26f0e3d658ef2dcd9c1170e86edc19b82167cc7337bf66073ac_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:a53d78d089e6dacf11f30aad03664271a0d28dd7b27f5f53ac3579c1521d2859_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:b8c1d24ad2dd16318c181e367afe3e32c3066e8ef42d995fe8826c365f6f6c30_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:bb2bb0ff78e1907d076e6bbc6be8334a01564ccc8a8759940b3dc22a21806480_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:4c5a84f576df02e526ae4dd5bc9756919b0c6c52c0a14fb88025403cf1fa0be8_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:55ff36cb2997f4c0f8577cf01269b1ee07f48be9919f956ca19b98232c8f80fa_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:9bd7d60037241e67bd5851ec2314a9c4a6ab0f3535c95b9343254cca948f99fb_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:16a37a40f4748821032a5f46dc13088572883bd68e97ca52f34a5ed6fe866721_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:510ae280b26fd8c80d4ecf067e6cf45bfd3fa60ff02755f184a9fd3af84f5803_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ca16ca4107aa91a40d0d1ab91352968a014a0eac1a02b680cca5730e7f261f6e_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:27d96c0f0f138e4703215212b109763488524003e4ceda60e47705c94cf750c6_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:8cee9ae2918bda1c7c54f13ab04e2c97f7647ab63e213009000064d1b2f2620b_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:e4b29d0a61df79ddf4a9b83b51841ce6a0752280844e7fe925fdda208abe1d5d_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-ssh2: Command injection by calling vulnerable method with untrusted input"
}
]
}
RHSA-2021:4845
Vulnerability from csaf_redhat
Published
2021-11-29 13:24
Modified
2024-11-22 17:53
Summary
Red Hat Security Advisory: Red Hat OpenShift Container Storage 4.8.5 Security and Bug Fix Update
Notes
Topic
An update is now available for Red Hat OpenShift Container Storage 4.8.5 on Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Storage is software-defined storage integrated
with and optimized for the Red Hat OpenShift Container Platform.
Red Hat OpenShift Container Storage is highly scalable, production-grade
persistent storage for stateful applications running in the Red Hat
OpenShift Container Platform. In addition to persistent storage, Red Hat
OpenShift Container Storage provides a multicloud data management service
with an S3 compatible API.
Security Fix(es):
* nodejs-ssh2: Command injection by calling vulnerable method with
untrusted input (CVE-2020-26301)
For more details about the security issue(s), including the impact, a
CVSS score, acknowledgments, and other related information, refer to
the CVE page(s) listed in the References section.
Bug Fix(es):
* Previously, when the namespace store target was deleted, no alert was
sent to the namespace bucket because of an issue in calculating the
namespace bucket health. With this update, the issue in calculating the
namespace bucket health is fixed and alerts are triggered as expected.
(BZ#1993873)
* Previously, the Multicloud Object Gateway (MCG) components performed
slowly and there was a lot of pressure on the MCG components due to
non-optimized database queries. With this update the non-optimized
database queries are fixed which reduces the compute resources and time
taken for queries. (BZ#2015939)
Red Hat recommends that all users of OpenShift Container Storage apply this update to fix these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Container Storage 4.8.5 on Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Storage is software-defined storage integrated\nwith and optimized for the Red Hat OpenShift Container Platform.\nRed Hat OpenShift Container Storage is highly scalable, production-grade\npersistent storage for stateful applications running in the Red Hat\nOpenShift Container Platform. In addition to persistent storage, Red Hat\nOpenShift Container Storage provides a multicloud data management service\nwith an S3 compatible API.\n\nSecurity Fix(es):\n\n* nodejs-ssh2: Command injection by calling vulnerable method with\nuntrusted input (CVE-2020-26301)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Previously, when the namespace store target was deleted, no alert was\nsent to the namespace bucket because of an issue in calculating the\nnamespace bucket health. With this update, the issue in calculating the\nnamespace bucket health is fixed and alerts are triggered as expected.\n(BZ#1993873)\n\n* Previously, the Multicloud Object Gateway (MCG) components performed\nslowly and there was a lot of pressure on the MCG components due to\nnon-optimized database queries. With this update the non-optimized\ndatabase queries are fixed which reduces the compute resources and time\ntaken for queries. (BZ#2015939)\n\nRed Hat recommends that all users of OpenShift Container Storage apply this update to fix these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:4845",
"url": "https://access.redhat.com/errata/RHSA-2021:4845"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1993873",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1993873"
},
{
"category": "external",
"summary": "2006958",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006958"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4845.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Container Storage 4.8.5 Security and Bug Fix Update",
"tracking": {
"current_release_date": "2024-11-22T17:53:16+00:00",
"generator": {
"date": "2024-11-22T17:53:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2021:4845",
"initial_release_date": "2021-11-29T13:24:40+00:00",
"revision_history": [
{
"date": "2021-11-29T13:24:40+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-11-29T13:24:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T17:53:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product": {
"name": "Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_container_storage:4.8::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Container Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "ocs4/cephcsi-rhel8@sha256:9847850dd6cb4526b63e964a44df52968a2377964c3b5535fca82a75b58a3e49_amd64",
"product": {
"name": "ocs4/cephcsi-rhel8@sha256:9847850dd6cb4526b63e964a44df52968a2377964c3b5535fca82a75b58a3e49_amd64",
"product_id": "ocs4/cephcsi-rhel8@sha256:9847850dd6cb4526b63e964a44df52968a2377964c3b5535fca82a75b58a3e49_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:9847850dd6cb4526b63e964a44df52968a2377964c3b5535fca82a75b58a3e49?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/cephcsi-rhel8\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-core-rhel8@sha256:afc714048ba7bb0548ae2ca622c9e0c5c350d9e06a8c4d0f9418821dfb44c952_amd64",
"product": {
"name": "ocs4/mcg-core-rhel8@sha256:afc714048ba7bb0548ae2ca622c9e0c5c350d9e06a8c4d0f9418821dfb44c952_amd64",
"product_id": "ocs4/mcg-core-rhel8@sha256:afc714048ba7bb0548ae2ca622c9e0c5c350d9e06a8c4d0f9418821dfb44c952_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:afc714048ba7bb0548ae2ca622c9e0c5c350d9e06a8c4d0f9418821dfb44c952?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/mcg-core-rhel8\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-rhel8-operator@sha256:6e5e21dd36690fa1b5712899af2e2b5a402f326fc8ef8c941c708941f057ea47_amd64",
"product": {
"name": "ocs4/mcg-rhel8-operator@sha256:6e5e21dd36690fa1b5712899af2e2b5a402f326fc8ef8c941c708941f057ea47_amd64",
"product_id": "ocs4/mcg-rhel8-operator@sha256:6e5e21dd36690fa1b5712899af2e2b5a402f326fc8ef8c941c708941f057ea47_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:6e5e21dd36690fa1b5712899af2e2b5a402f326fc8ef8c941c708941f057ea47?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/mcg-rhel8-operator\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-must-gather-rhel8@sha256:fdfff315003fc26f0e3d658ef2dcd9c1170e86edc19b82167cc7337bf66073ac_amd64",
"product": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:fdfff315003fc26f0e3d658ef2dcd9c1170e86edc19b82167cc7337bf66073ac_amd64",
"product_id": "ocs4/ocs-must-gather-rhel8@sha256:fdfff315003fc26f0e3d658ef2dcd9c1170e86edc19b82167cc7337bf66073ac_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:fdfff315003fc26f0e3d658ef2dcd9c1170e86edc19b82167cc7337bf66073ac?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/ocs-must-gather-rhel8\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-operator-bundle@sha256:bb2bb0ff78e1907d076e6bbc6be8334a01564ccc8a8759940b3dc22a21806480_amd64",
"product": {
"name": "ocs4/ocs-operator-bundle@sha256:bb2bb0ff78e1907d076e6bbc6be8334a01564ccc8a8759940b3dc22a21806480_amd64",
"product_id": "ocs4/ocs-operator-bundle@sha256:bb2bb0ff78e1907d076e6bbc6be8334a01564ccc8a8759940b3dc22a21806480_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:bb2bb0ff78e1907d076e6bbc6be8334a01564ccc8a8759940b3dc22a21806480?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/ocs-operator-bundle\u0026tag=v4.8.5-2"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-rhel8-operator@sha256:55ff36cb2997f4c0f8577cf01269b1ee07f48be9919f956ca19b98232c8f80fa_amd64",
"product": {
"name": "ocs4/ocs-rhel8-operator@sha256:55ff36cb2997f4c0f8577cf01269b1ee07f48be9919f956ca19b98232c8f80fa_amd64",
"product_id": "ocs4/ocs-rhel8-operator@sha256:55ff36cb2997f4c0f8577cf01269b1ee07f48be9919f956ca19b98232c8f80fa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:55ff36cb2997f4c0f8577cf01269b1ee07f48be9919f956ca19b98232c8f80fa?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/ocs-rhel8-operator\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/rook-ceph-rhel8-operator@sha256:510ae280b26fd8c80d4ecf067e6cf45bfd3fa60ff02755f184a9fd3af84f5803_amd64",
"product": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:510ae280b26fd8c80d4ecf067e6cf45bfd3fa60ff02755f184a9fd3af84f5803_amd64",
"product_id": "ocs4/rook-ceph-rhel8-operator@sha256:510ae280b26fd8c80d4ecf067e6cf45bfd3fa60ff02755f184a9fd3af84f5803_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:510ae280b26fd8c80d4ecf067e6cf45bfd3fa60ff02755f184a9fd3af84f5803?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/rook-ceph-rhel8-operator\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/volume-replication-rhel8-operator@sha256:8cee9ae2918bda1c7c54f13ab04e2c97f7647ab63e213009000064d1b2f2620b_amd64",
"product": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:8cee9ae2918bda1c7c54f13ab04e2c97f7647ab63e213009000064d1b2f2620b_amd64",
"product_id": "ocs4/volume-replication-rhel8-operator@sha256:8cee9ae2918bda1c7c54f13ab04e2c97f7647ab63e213009000064d1b2f2620b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/volume-replication-rhel8-operator@sha256:8cee9ae2918bda1c7c54f13ab04e2c97f7647ab63e213009000064d1b2f2620b?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/volume-replication-rhel8-operator\u0026tag=v4.8.5-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "ocs4/cephcsi-rhel8@sha256:68e729386a00aa7a72df0f39ef4c9883afd27b6c8467bc0315f5819b8acb2aca_s390x",
"product": {
"name": "ocs4/cephcsi-rhel8@sha256:68e729386a00aa7a72df0f39ef4c9883afd27b6c8467bc0315f5819b8acb2aca_s390x",
"product_id": "ocs4/cephcsi-rhel8@sha256:68e729386a00aa7a72df0f39ef4c9883afd27b6c8467bc0315f5819b8acb2aca_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:68e729386a00aa7a72df0f39ef4c9883afd27b6c8467bc0315f5819b8acb2aca?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/cephcsi-rhel8\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-core-rhel8@sha256:3ee72d4b1bcf14be1667f074c23b973c9d7c28e9383fff1b9ce31b72522c8c90_s390x",
"product": {
"name": "ocs4/mcg-core-rhel8@sha256:3ee72d4b1bcf14be1667f074c23b973c9d7c28e9383fff1b9ce31b72522c8c90_s390x",
"product_id": "ocs4/mcg-core-rhel8@sha256:3ee72d4b1bcf14be1667f074c23b973c9d7c28e9383fff1b9ce31b72522c8c90_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:3ee72d4b1bcf14be1667f074c23b973c9d7c28e9383fff1b9ce31b72522c8c90?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/mcg-core-rhel8\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-rhel8-operator@sha256:43305259b7d78624c9b0ff72bfeea6a7b26c61b71bac9a80cf5e90a18dd22b4d_s390x",
"product": {
"name": "ocs4/mcg-rhel8-operator@sha256:43305259b7d78624c9b0ff72bfeea6a7b26c61b71bac9a80cf5e90a18dd22b4d_s390x",
"product_id": "ocs4/mcg-rhel8-operator@sha256:43305259b7d78624c9b0ff72bfeea6a7b26c61b71bac9a80cf5e90a18dd22b4d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:43305259b7d78624c9b0ff72bfeea6a7b26c61b71bac9a80cf5e90a18dd22b4d?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/mcg-rhel8-operator\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-must-gather-rhel8@sha256:10cca274f71b89fb078a832cb17a2986b67db048eb415970359f0ec53251701a_s390x",
"product": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:10cca274f71b89fb078a832cb17a2986b67db048eb415970359f0ec53251701a_s390x",
"product_id": "ocs4/ocs-must-gather-rhel8@sha256:10cca274f71b89fb078a832cb17a2986b67db048eb415970359f0ec53251701a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:10cca274f71b89fb078a832cb17a2986b67db048eb415970359f0ec53251701a?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/ocs-must-gather-rhel8\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-operator-bundle@sha256:b8c1d24ad2dd16318c181e367afe3e32c3066e8ef42d995fe8826c365f6f6c30_s390x",
"product": {
"name": "ocs4/ocs-operator-bundle@sha256:b8c1d24ad2dd16318c181e367afe3e32c3066e8ef42d995fe8826c365f6f6c30_s390x",
"product_id": "ocs4/ocs-operator-bundle@sha256:b8c1d24ad2dd16318c181e367afe3e32c3066e8ef42d995fe8826c365f6f6c30_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:b8c1d24ad2dd16318c181e367afe3e32c3066e8ef42d995fe8826c365f6f6c30?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/ocs-operator-bundle\u0026tag=v4.8.5-2"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-rhel8-operator@sha256:9bd7d60037241e67bd5851ec2314a9c4a6ab0f3535c95b9343254cca948f99fb_s390x",
"product": {
"name": "ocs4/ocs-rhel8-operator@sha256:9bd7d60037241e67bd5851ec2314a9c4a6ab0f3535c95b9343254cca948f99fb_s390x",
"product_id": "ocs4/ocs-rhel8-operator@sha256:9bd7d60037241e67bd5851ec2314a9c4a6ab0f3535c95b9343254cca948f99fb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:9bd7d60037241e67bd5851ec2314a9c4a6ab0f3535c95b9343254cca948f99fb?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/ocs-rhel8-operator\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/rook-ceph-rhel8-operator@sha256:16a37a40f4748821032a5f46dc13088572883bd68e97ca52f34a5ed6fe866721_s390x",
"product": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:16a37a40f4748821032a5f46dc13088572883bd68e97ca52f34a5ed6fe866721_s390x",
"product_id": "ocs4/rook-ceph-rhel8-operator@sha256:16a37a40f4748821032a5f46dc13088572883bd68e97ca52f34a5ed6fe866721_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:16a37a40f4748821032a5f46dc13088572883bd68e97ca52f34a5ed6fe866721?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/rook-ceph-rhel8-operator\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/volume-replication-rhel8-operator@sha256:e4b29d0a61df79ddf4a9b83b51841ce6a0752280844e7fe925fdda208abe1d5d_s390x",
"product": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:e4b29d0a61df79ddf4a9b83b51841ce6a0752280844e7fe925fdda208abe1d5d_s390x",
"product_id": "ocs4/volume-replication-rhel8-operator@sha256:e4b29d0a61df79ddf4a9b83b51841ce6a0752280844e7fe925fdda208abe1d5d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/volume-replication-rhel8-operator@sha256:e4b29d0a61df79ddf4a9b83b51841ce6a0752280844e7fe925fdda208abe1d5d?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/volume-replication-rhel8-operator\u0026tag=v4.8.5-1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ocs4/cephcsi-rhel8@sha256:4ea3fd6255de9599012265cb872d90635afa34c5e7e23381705094d121008f81_ppc64le",
"product": {
"name": "ocs4/cephcsi-rhel8@sha256:4ea3fd6255de9599012265cb872d90635afa34c5e7e23381705094d121008f81_ppc64le",
"product_id": "ocs4/cephcsi-rhel8@sha256:4ea3fd6255de9599012265cb872d90635afa34c5e7e23381705094d121008f81_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:4ea3fd6255de9599012265cb872d90635afa34c5e7e23381705094d121008f81?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/cephcsi-rhel8\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-core-rhel8@sha256:93e5e2edf30dc154487b8139f87db3db326bf1ad264ed3ea55a0267243462d65_ppc64le",
"product": {
"name": "ocs4/mcg-core-rhel8@sha256:93e5e2edf30dc154487b8139f87db3db326bf1ad264ed3ea55a0267243462d65_ppc64le",
"product_id": "ocs4/mcg-core-rhel8@sha256:93e5e2edf30dc154487b8139f87db3db326bf1ad264ed3ea55a0267243462d65_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:93e5e2edf30dc154487b8139f87db3db326bf1ad264ed3ea55a0267243462d65?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/mcg-core-rhel8\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-rhel8-operator@sha256:2c061f8784af676fa7bf65a8d908a87f179e58adae06b3ed6c62be82898601ad_ppc64le",
"product": {
"name": "ocs4/mcg-rhel8-operator@sha256:2c061f8784af676fa7bf65a8d908a87f179e58adae06b3ed6c62be82898601ad_ppc64le",
"product_id": "ocs4/mcg-rhel8-operator@sha256:2c061f8784af676fa7bf65a8d908a87f179e58adae06b3ed6c62be82898601ad_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:2c061f8784af676fa7bf65a8d908a87f179e58adae06b3ed6c62be82898601ad?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/mcg-rhel8-operator\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-must-gather-rhel8@sha256:210d1925e2b0e9aed7f493adbd826cf160960e3fb495d594f1936526475f676d_ppc64le",
"product": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:210d1925e2b0e9aed7f493adbd826cf160960e3fb495d594f1936526475f676d_ppc64le",
"product_id": "ocs4/ocs-must-gather-rhel8@sha256:210d1925e2b0e9aed7f493adbd826cf160960e3fb495d594f1936526475f676d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:210d1925e2b0e9aed7f493adbd826cf160960e3fb495d594f1936526475f676d?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/ocs-must-gather-rhel8\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-operator-bundle@sha256:a53d78d089e6dacf11f30aad03664271a0d28dd7b27f5f53ac3579c1521d2859_ppc64le",
"product": {
"name": "ocs4/ocs-operator-bundle@sha256:a53d78d089e6dacf11f30aad03664271a0d28dd7b27f5f53ac3579c1521d2859_ppc64le",
"product_id": "ocs4/ocs-operator-bundle@sha256:a53d78d089e6dacf11f30aad03664271a0d28dd7b27f5f53ac3579c1521d2859_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:a53d78d089e6dacf11f30aad03664271a0d28dd7b27f5f53ac3579c1521d2859?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/ocs-operator-bundle\u0026tag=v4.8.5-2"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-rhel8-operator@sha256:4c5a84f576df02e526ae4dd5bc9756919b0c6c52c0a14fb88025403cf1fa0be8_ppc64le",
"product": {
"name": "ocs4/ocs-rhel8-operator@sha256:4c5a84f576df02e526ae4dd5bc9756919b0c6c52c0a14fb88025403cf1fa0be8_ppc64le",
"product_id": "ocs4/ocs-rhel8-operator@sha256:4c5a84f576df02e526ae4dd5bc9756919b0c6c52c0a14fb88025403cf1fa0be8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:4c5a84f576df02e526ae4dd5bc9756919b0c6c52c0a14fb88025403cf1fa0be8?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/ocs-rhel8-operator\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/rook-ceph-rhel8-operator@sha256:ca16ca4107aa91a40d0d1ab91352968a014a0eac1a02b680cca5730e7f261f6e_ppc64le",
"product": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:ca16ca4107aa91a40d0d1ab91352968a014a0eac1a02b680cca5730e7f261f6e_ppc64le",
"product_id": "ocs4/rook-ceph-rhel8-operator@sha256:ca16ca4107aa91a40d0d1ab91352968a014a0eac1a02b680cca5730e7f261f6e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:ca16ca4107aa91a40d0d1ab91352968a014a0eac1a02b680cca5730e7f261f6e?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/rook-ceph-rhel8-operator\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/volume-replication-rhel8-operator@sha256:27d96c0f0f138e4703215212b109763488524003e4ceda60e47705c94cf750c6_ppc64le",
"product": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:27d96c0f0f138e4703215212b109763488524003e4ceda60e47705c94cf750c6_ppc64le",
"product_id": "ocs4/volume-replication-rhel8-operator@sha256:27d96c0f0f138e4703215212b109763488524003e4ceda60e47705c94cf750c6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/volume-replication-rhel8-operator@sha256:27d96c0f0f138e4703215212b109763488524003e4ceda60e47705c94cf750c6?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/volume-replication-rhel8-operator\u0026tag=v4.8.5-1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/cephcsi-rhel8@sha256:4ea3fd6255de9599012265cb872d90635afa34c5e7e23381705094d121008f81_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:4ea3fd6255de9599012265cb872d90635afa34c5e7e23381705094d121008f81_ppc64le"
},
"product_reference": "ocs4/cephcsi-rhel8@sha256:4ea3fd6255de9599012265cb872d90635afa34c5e7e23381705094d121008f81_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/cephcsi-rhel8@sha256:68e729386a00aa7a72df0f39ef4c9883afd27b6c8467bc0315f5819b8acb2aca_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:68e729386a00aa7a72df0f39ef4c9883afd27b6c8467bc0315f5819b8acb2aca_s390x"
},
"product_reference": "ocs4/cephcsi-rhel8@sha256:68e729386a00aa7a72df0f39ef4c9883afd27b6c8467bc0315f5819b8acb2aca_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/cephcsi-rhel8@sha256:9847850dd6cb4526b63e964a44df52968a2377964c3b5535fca82a75b58a3e49_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:9847850dd6cb4526b63e964a44df52968a2377964c3b5535fca82a75b58a3e49_amd64"
},
"product_reference": "ocs4/cephcsi-rhel8@sha256:9847850dd6cb4526b63e964a44df52968a2377964c3b5535fca82a75b58a3e49_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-core-rhel8@sha256:3ee72d4b1bcf14be1667f074c23b973c9d7c28e9383fff1b9ce31b72522c8c90_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3ee72d4b1bcf14be1667f074c23b973c9d7c28e9383fff1b9ce31b72522c8c90_s390x"
},
"product_reference": "ocs4/mcg-core-rhel8@sha256:3ee72d4b1bcf14be1667f074c23b973c9d7c28e9383fff1b9ce31b72522c8c90_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-core-rhel8@sha256:93e5e2edf30dc154487b8139f87db3db326bf1ad264ed3ea55a0267243462d65_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:93e5e2edf30dc154487b8139f87db3db326bf1ad264ed3ea55a0267243462d65_ppc64le"
},
"product_reference": "ocs4/mcg-core-rhel8@sha256:93e5e2edf30dc154487b8139f87db3db326bf1ad264ed3ea55a0267243462d65_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-core-rhel8@sha256:afc714048ba7bb0548ae2ca622c9e0c5c350d9e06a8c4d0f9418821dfb44c952_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:afc714048ba7bb0548ae2ca622c9e0c5c350d9e06a8c4d0f9418821dfb44c952_amd64"
},
"product_reference": "ocs4/mcg-core-rhel8@sha256:afc714048ba7bb0548ae2ca622c9e0c5c350d9e06a8c4d0f9418821dfb44c952_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-rhel8-operator@sha256:2c061f8784af676fa7bf65a8d908a87f179e58adae06b3ed6c62be82898601ad_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:2c061f8784af676fa7bf65a8d908a87f179e58adae06b3ed6c62be82898601ad_ppc64le"
},
"product_reference": "ocs4/mcg-rhel8-operator@sha256:2c061f8784af676fa7bf65a8d908a87f179e58adae06b3ed6c62be82898601ad_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-rhel8-operator@sha256:43305259b7d78624c9b0ff72bfeea6a7b26c61b71bac9a80cf5e90a18dd22b4d_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:43305259b7d78624c9b0ff72bfeea6a7b26c61b71bac9a80cf5e90a18dd22b4d_s390x"
},
"product_reference": "ocs4/mcg-rhel8-operator@sha256:43305259b7d78624c9b0ff72bfeea6a7b26c61b71bac9a80cf5e90a18dd22b4d_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-rhel8-operator@sha256:6e5e21dd36690fa1b5712899af2e2b5a402f326fc8ef8c941c708941f057ea47_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:6e5e21dd36690fa1b5712899af2e2b5a402f326fc8ef8c941c708941f057ea47_amd64"
},
"product_reference": "ocs4/mcg-rhel8-operator@sha256:6e5e21dd36690fa1b5712899af2e2b5a402f326fc8ef8c941c708941f057ea47_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:10cca274f71b89fb078a832cb17a2986b67db048eb415970359f0ec53251701a_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:10cca274f71b89fb078a832cb17a2986b67db048eb415970359f0ec53251701a_s390x"
},
"product_reference": "ocs4/ocs-must-gather-rhel8@sha256:10cca274f71b89fb078a832cb17a2986b67db048eb415970359f0ec53251701a_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:210d1925e2b0e9aed7f493adbd826cf160960e3fb495d594f1936526475f676d_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:210d1925e2b0e9aed7f493adbd826cf160960e3fb495d594f1936526475f676d_ppc64le"
},
"product_reference": "ocs4/ocs-must-gather-rhel8@sha256:210d1925e2b0e9aed7f493adbd826cf160960e3fb495d594f1936526475f676d_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:fdfff315003fc26f0e3d658ef2dcd9c1170e86edc19b82167cc7337bf66073ac_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:fdfff315003fc26f0e3d658ef2dcd9c1170e86edc19b82167cc7337bf66073ac_amd64"
},
"product_reference": "ocs4/ocs-must-gather-rhel8@sha256:fdfff315003fc26f0e3d658ef2dcd9c1170e86edc19b82167cc7337bf66073ac_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-operator-bundle@sha256:a53d78d089e6dacf11f30aad03664271a0d28dd7b27f5f53ac3579c1521d2859_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:a53d78d089e6dacf11f30aad03664271a0d28dd7b27f5f53ac3579c1521d2859_ppc64le"
},
"product_reference": "ocs4/ocs-operator-bundle@sha256:a53d78d089e6dacf11f30aad03664271a0d28dd7b27f5f53ac3579c1521d2859_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-operator-bundle@sha256:b8c1d24ad2dd16318c181e367afe3e32c3066e8ef42d995fe8826c365f6f6c30_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:b8c1d24ad2dd16318c181e367afe3e32c3066e8ef42d995fe8826c365f6f6c30_s390x"
},
"product_reference": "ocs4/ocs-operator-bundle@sha256:b8c1d24ad2dd16318c181e367afe3e32c3066e8ef42d995fe8826c365f6f6c30_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-operator-bundle@sha256:bb2bb0ff78e1907d076e6bbc6be8334a01564ccc8a8759940b3dc22a21806480_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:bb2bb0ff78e1907d076e6bbc6be8334a01564ccc8a8759940b3dc22a21806480_amd64"
},
"product_reference": "ocs4/ocs-operator-bundle@sha256:bb2bb0ff78e1907d076e6bbc6be8334a01564ccc8a8759940b3dc22a21806480_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-rhel8-operator@sha256:4c5a84f576df02e526ae4dd5bc9756919b0c6c52c0a14fb88025403cf1fa0be8_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:4c5a84f576df02e526ae4dd5bc9756919b0c6c52c0a14fb88025403cf1fa0be8_ppc64le"
},
"product_reference": "ocs4/ocs-rhel8-operator@sha256:4c5a84f576df02e526ae4dd5bc9756919b0c6c52c0a14fb88025403cf1fa0be8_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-rhel8-operator@sha256:55ff36cb2997f4c0f8577cf01269b1ee07f48be9919f956ca19b98232c8f80fa_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:55ff36cb2997f4c0f8577cf01269b1ee07f48be9919f956ca19b98232c8f80fa_amd64"
},
"product_reference": "ocs4/ocs-rhel8-operator@sha256:55ff36cb2997f4c0f8577cf01269b1ee07f48be9919f956ca19b98232c8f80fa_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-rhel8-operator@sha256:9bd7d60037241e67bd5851ec2314a9c4a6ab0f3535c95b9343254cca948f99fb_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:9bd7d60037241e67bd5851ec2314a9c4a6ab0f3535c95b9343254cca948f99fb_s390x"
},
"product_reference": "ocs4/ocs-rhel8-operator@sha256:9bd7d60037241e67bd5851ec2314a9c4a6ab0f3535c95b9343254cca948f99fb_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:16a37a40f4748821032a5f46dc13088572883bd68e97ca52f34a5ed6fe866721_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:16a37a40f4748821032a5f46dc13088572883bd68e97ca52f34a5ed6fe866721_s390x"
},
"product_reference": "ocs4/rook-ceph-rhel8-operator@sha256:16a37a40f4748821032a5f46dc13088572883bd68e97ca52f34a5ed6fe866721_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:510ae280b26fd8c80d4ecf067e6cf45bfd3fa60ff02755f184a9fd3af84f5803_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:510ae280b26fd8c80d4ecf067e6cf45bfd3fa60ff02755f184a9fd3af84f5803_amd64"
},
"product_reference": "ocs4/rook-ceph-rhel8-operator@sha256:510ae280b26fd8c80d4ecf067e6cf45bfd3fa60ff02755f184a9fd3af84f5803_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:ca16ca4107aa91a40d0d1ab91352968a014a0eac1a02b680cca5730e7f261f6e_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ca16ca4107aa91a40d0d1ab91352968a014a0eac1a02b680cca5730e7f261f6e_ppc64le"
},
"product_reference": "ocs4/rook-ceph-rhel8-operator@sha256:ca16ca4107aa91a40d0d1ab91352968a014a0eac1a02b680cca5730e7f261f6e_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:27d96c0f0f138e4703215212b109763488524003e4ceda60e47705c94cf750c6_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:27d96c0f0f138e4703215212b109763488524003e4ceda60e47705c94cf750c6_ppc64le"
},
"product_reference": "ocs4/volume-replication-rhel8-operator@sha256:27d96c0f0f138e4703215212b109763488524003e4ceda60e47705c94cf750c6_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:8cee9ae2918bda1c7c54f13ab04e2c97f7647ab63e213009000064d1b2f2620b_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:8cee9ae2918bda1c7c54f13ab04e2c97f7647ab63e213009000064d1b2f2620b_amd64"
},
"product_reference": "ocs4/volume-replication-rhel8-operator@sha256:8cee9ae2918bda1c7c54f13ab04e2c97f7647ab63e213009000064d1b2f2620b_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:e4b29d0a61df79ddf4a9b83b51841ce6a0752280844e7fe925fdda208abe1d5d_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:e4b29d0a61df79ddf4a9b83b51841ce6a0752280844e7fe925fdda208abe1d5d_s390x"
},
"product_reference": "ocs4/volume-replication-rhel8-operator@sha256:e4b29d0a61df79ddf4a9b83b51841ce6a0752280844e7fe925fdda208abe1d5d_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-26301",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2021-09-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2006958"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-ssh2. An OS command injection attack on Windows allows an attacker to perform remote code execution and potentially execute arbitrary code. The highest threat from this vulnerability is to confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-ssh2: Command injection by calling vulnerable method with untrusted input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects ssh2 as shipped with all versions of Red Hat Openshift Container Storage and Red Hat Openshift Data Foundations. However, this flaw requires a Windows based attack, and therefore, the impact is adjusted accordingly to a moderate risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:4ea3fd6255de9599012265cb872d90635afa34c5e7e23381705094d121008f81_ppc64le",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:68e729386a00aa7a72df0f39ef4c9883afd27b6c8467bc0315f5819b8acb2aca_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:9847850dd6cb4526b63e964a44df52968a2377964c3b5535fca82a75b58a3e49_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3ee72d4b1bcf14be1667f074c23b973c9d7c28e9383fff1b9ce31b72522c8c90_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:93e5e2edf30dc154487b8139f87db3db326bf1ad264ed3ea55a0267243462d65_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:afc714048ba7bb0548ae2ca622c9e0c5c350d9e06a8c4d0f9418821dfb44c952_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:2c061f8784af676fa7bf65a8d908a87f179e58adae06b3ed6c62be82898601ad_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:43305259b7d78624c9b0ff72bfeea6a7b26c61b71bac9a80cf5e90a18dd22b4d_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:6e5e21dd36690fa1b5712899af2e2b5a402f326fc8ef8c941c708941f057ea47_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:10cca274f71b89fb078a832cb17a2986b67db048eb415970359f0ec53251701a_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:210d1925e2b0e9aed7f493adbd826cf160960e3fb495d594f1936526475f676d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:fdfff315003fc26f0e3d658ef2dcd9c1170e86edc19b82167cc7337bf66073ac_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:a53d78d089e6dacf11f30aad03664271a0d28dd7b27f5f53ac3579c1521d2859_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:b8c1d24ad2dd16318c181e367afe3e32c3066e8ef42d995fe8826c365f6f6c30_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:bb2bb0ff78e1907d076e6bbc6be8334a01564ccc8a8759940b3dc22a21806480_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:4c5a84f576df02e526ae4dd5bc9756919b0c6c52c0a14fb88025403cf1fa0be8_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:55ff36cb2997f4c0f8577cf01269b1ee07f48be9919f956ca19b98232c8f80fa_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:9bd7d60037241e67bd5851ec2314a9c4a6ab0f3535c95b9343254cca948f99fb_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:16a37a40f4748821032a5f46dc13088572883bd68e97ca52f34a5ed6fe866721_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:510ae280b26fd8c80d4ecf067e6cf45bfd3fa60ff02755f184a9fd3af84f5803_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ca16ca4107aa91a40d0d1ab91352968a014a0eac1a02b680cca5730e7f261f6e_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:27d96c0f0f138e4703215212b109763488524003e4ceda60e47705c94cf750c6_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:8cee9ae2918bda1c7c54f13ab04e2c97f7647ab63e213009000064d1b2f2620b_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:e4b29d0a61df79ddf4a9b83b51841ce6a0752280844e7fe925fdda208abe1d5d_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26301"
},
{
"category": "external",
"summary": "RHBZ#2006958",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006958"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26301",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26301"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26301",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26301"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2020-123-mscdex-ssh2/",
"url": "https://securitylab.github.com/advisories/GHSL-2020-123-mscdex-ssh2/"
}
],
"release_date": "2021-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-29T13:24:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:4ea3fd6255de9599012265cb872d90635afa34c5e7e23381705094d121008f81_ppc64le",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:68e729386a00aa7a72df0f39ef4c9883afd27b6c8467bc0315f5819b8acb2aca_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:9847850dd6cb4526b63e964a44df52968a2377964c3b5535fca82a75b58a3e49_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3ee72d4b1bcf14be1667f074c23b973c9d7c28e9383fff1b9ce31b72522c8c90_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:93e5e2edf30dc154487b8139f87db3db326bf1ad264ed3ea55a0267243462d65_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:afc714048ba7bb0548ae2ca622c9e0c5c350d9e06a8c4d0f9418821dfb44c952_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:2c061f8784af676fa7bf65a8d908a87f179e58adae06b3ed6c62be82898601ad_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:43305259b7d78624c9b0ff72bfeea6a7b26c61b71bac9a80cf5e90a18dd22b4d_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:6e5e21dd36690fa1b5712899af2e2b5a402f326fc8ef8c941c708941f057ea47_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:10cca274f71b89fb078a832cb17a2986b67db048eb415970359f0ec53251701a_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:210d1925e2b0e9aed7f493adbd826cf160960e3fb495d594f1936526475f676d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:fdfff315003fc26f0e3d658ef2dcd9c1170e86edc19b82167cc7337bf66073ac_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:a53d78d089e6dacf11f30aad03664271a0d28dd7b27f5f53ac3579c1521d2859_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:b8c1d24ad2dd16318c181e367afe3e32c3066e8ef42d995fe8826c365f6f6c30_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:bb2bb0ff78e1907d076e6bbc6be8334a01564ccc8a8759940b3dc22a21806480_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:4c5a84f576df02e526ae4dd5bc9756919b0c6c52c0a14fb88025403cf1fa0be8_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:55ff36cb2997f4c0f8577cf01269b1ee07f48be9919f956ca19b98232c8f80fa_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:9bd7d60037241e67bd5851ec2314a9c4a6ab0f3535c95b9343254cca948f99fb_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:16a37a40f4748821032a5f46dc13088572883bd68e97ca52f34a5ed6fe866721_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:510ae280b26fd8c80d4ecf067e6cf45bfd3fa60ff02755f184a9fd3af84f5803_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ca16ca4107aa91a40d0d1ab91352968a014a0eac1a02b680cca5730e7f261f6e_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:27d96c0f0f138e4703215212b109763488524003e4ceda60e47705c94cf750c6_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:8cee9ae2918bda1c7c54f13ab04e2c97f7647ab63e213009000064d1b2f2620b_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:e4b29d0a61df79ddf4a9b83b51841ce6a0752280844e7fe925fdda208abe1d5d_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4845"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:4ea3fd6255de9599012265cb872d90635afa34c5e7e23381705094d121008f81_ppc64le",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:68e729386a00aa7a72df0f39ef4c9883afd27b6c8467bc0315f5819b8acb2aca_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:9847850dd6cb4526b63e964a44df52968a2377964c3b5535fca82a75b58a3e49_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3ee72d4b1bcf14be1667f074c23b973c9d7c28e9383fff1b9ce31b72522c8c90_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:93e5e2edf30dc154487b8139f87db3db326bf1ad264ed3ea55a0267243462d65_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:afc714048ba7bb0548ae2ca622c9e0c5c350d9e06a8c4d0f9418821dfb44c952_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:2c061f8784af676fa7bf65a8d908a87f179e58adae06b3ed6c62be82898601ad_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:43305259b7d78624c9b0ff72bfeea6a7b26c61b71bac9a80cf5e90a18dd22b4d_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:6e5e21dd36690fa1b5712899af2e2b5a402f326fc8ef8c941c708941f057ea47_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:10cca274f71b89fb078a832cb17a2986b67db048eb415970359f0ec53251701a_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:210d1925e2b0e9aed7f493adbd826cf160960e3fb495d594f1936526475f676d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:fdfff315003fc26f0e3d658ef2dcd9c1170e86edc19b82167cc7337bf66073ac_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:a53d78d089e6dacf11f30aad03664271a0d28dd7b27f5f53ac3579c1521d2859_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:b8c1d24ad2dd16318c181e367afe3e32c3066e8ef42d995fe8826c365f6f6c30_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:bb2bb0ff78e1907d076e6bbc6be8334a01564ccc8a8759940b3dc22a21806480_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:4c5a84f576df02e526ae4dd5bc9756919b0c6c52c0a14fb88025403cf1fa0be8_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:55ff36cb2997f4c0f8577cf01269b1ee07f48be9919f956ca19b98232c8f80fa_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:9bd7d60037241e67bd5851ec2314a9c4a6ab0f3535c95b9343254cca948f99fb_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:16a37a40f4748821032a5f46dc13088572883bd68e97ca52f34a5ed6fe866721_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:510ae280b26fd8c80d4ecf067e6cf45bfd3fa60ff02755f184a9fd3af84f5803_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ca16ca4107aa91a40d0d1ab91352968a014a0eac1a02b680cca5730e7f261f6e_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:27d96c0f0f138e4703215212b109763488524003e4ceda60e47705c94cf750c6_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:8cee9ae2918bda1c7c54f13ab04e2c97f7647ab63e213009000064d1b2f2620b_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:e4b29d0a61df79ddf4a9b83b51841ce6a0752280844e7fe925fdda208abe1d5d_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-ssh2: Command injection by calling vulnerable method with untrusted input"
}
]
}
rhsa-2021:4845
Vulnerability from csaf_redhat
Published
2021-11-29 13:24
Modified
2024-11-22 17:53
Summary
Red Hat Security Advisory: Red Hat OpenShift Container Storage 4.8.5 Security and Bug Fix Update
Notes
Topic
An update is now available for Red Hat OpenShift Container Storage 4.8.5 on Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Storage is software-defined storage integrated
with and optimized for the Red Hat OpenShift Container Platform.
Red Hat OpenShift Container Storage is highly scalable, production-grade
persistent storage for stateful applications running in the Red Hat
OpenShift Container Platform. In addition to persistent storage, Red Hat
OpenShift Container Storage provides a multicloud data management service
with an S3 compatible API.
Security Fix(es):
* nodejs-ssh2: Command injection by calling vulnerable method with
untrusted input (CVE-2020-26301)
For more details about the security issue(s), including the impact, a
CVSS score, acknowledgments, and other related information, refer to
the CVE page(s) listed in the References section.
Bug Fix(es):
* Previously, when the namespace store target was deleted, no alert was
sent to the namespace bucket because of an issue in calculating the
namespace bucket health. With this update, the issue in calculating the
namespace bucket health is fixed and alerts are triggered as expected.
(BZ#1993873)
* Previously, the Multicloud Object Gateway (MCG) components performed
slowly and there was a lot of pressure on the MCG components due to
non-optimized database queries. With this update the non-optimized
database queries are fixed which reduces the compute resources and time
taken for queries. (BZ#2015939)
Red Hat recommends that all users of OpenShift Container Storage apply this update to fix these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Container Storage 4.8.5 on Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Storage is software-defined storage integrated\nwith and optimized for the Red Hat OpenShift Container Platform.\nRed Hat OpenShift Container Storage is highly scalable, production-grade\npersistent storage for stateful applications running in the Red Hat\nOpenShift Container Platform. In addition to persistent storage, Red Hat\nOpenShift Container Storage provides a multicloud data management service\nwith an S3 compatible API.\n\nSecurity Fix(es):\n\n* nodejs-ssh2: Command injection by calling vulnerable method with\nuntrusted input (CVE-2020-26301)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Previously, when the namespace store target was deleted, no alert was\nsent to the namespace bucket because of an issue in calculating the\nnamespace bucket health. With this update, the issue in calculating the\nnamespace bucket health is fixed and alerts are triggered as expected.\n(BZ#1993873)\n\n* Previously, the Multicloud Object Gateway (MCG) components performed\nslowly and there was a lot of pressure on the MCG components due to\nnon-optimized database queries. With this update the non-optimized\ndatabase queries are fixed which reduces the compute resources and time\ntaken for queries. (BZ#2015939)\n\nRed Hat recommends that all users of OpenShift Container Storage apply this update to fix these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:4845",
"url": "https://access.redhat.com/errata/RHSA-2021:4845"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1993873",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1993873"
},
{
"category": "external",
"summary": "2006958",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006958"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4845.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Container Storage 4.8.5 Security and Bug Fix Update",
"tracking": {
"current_release_date": "2024-11-22T17:53:16+00:00",
"generator": {
"date": "2024-11-22T17:53:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2021:4845",
"initial_release_date": "2021-11-29T13:24:40+00:00",
"revision_history": [
{
"date": "2021-11-29T13:24:40+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-11-29T13:24:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T17:53:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product": {
"name": "Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_container_storage:4.8::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Container Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "ocs4/cephcsi-rhel8@sha256:9847850dd6cb4526b63e964a44df52968a2377964c3b5535fca82a75b58a3e49_amd64",
"product": {
"name": "ocs4/cephcsi-rhel8@sha256:9847850dd6cb4526b63e964a44df52968a2377964c3b5535fca82a75b58a3e49_amd64",
"product_id": "ocs4/cephcsi-rhel8@sha256:9847850dd6cb4526b63e964a44df52968a2377964c3b5535fca82a75b58a3e49_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:9847850dd6cb4526b63e964a44df52968a2377964c3b5535fca82a75b58a3e49?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/cephcsi-rhel8\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-core-rhel8@sha256:afc714048ba7bb0548ae2ca622c9e0c5c350d9e06a8c4d0f9418821dfb44c952_amd64",
"product": {
"name": "ocs4/mcg-core-rhel8@sha256:afc714048ba7bb0548ae2ca622c9e0c5c350d9e06a8c4d0f9418821dfb44c952_amd64",
"product_id": "ocs4/mcg-core-rhel8@sha256:afc714048ba7bb0548ae2ca622c9e0c5c350d9e06a8c4d0f9418821dfb44c952_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:afc714048ba7bb0548ae2ca622c9e0c5c350d9e06a8c4d0f9418821dfb44c952?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/mcg-core-rhel8\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-rhel8-operator@sha256:6e5e21dd36690fa1b5712899af2e2b5a402f326fc8ef8c941c708941f057ea47_amd64",
"product": {
"name": "ocs4/mcg-rhel8-operator@sha256:6e5e21dd36690fa1b5712899af2e2b5a402f326fc8ef8c941c708941f057ea47_amd64",
"product_id": "ocs4/mcg-rhel8-operator@sha256:6e5e21dd36690fa1b5712899af2e2b5a402f326fc8ef8c941c708941f057ea47_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:6e5e21dd36690fa1b5712899af2e2b5a402f326fc8ef8c941c708941f057ea47?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/mcg-rhel8-operator\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-must-gather-rhel8@sha256:fdfff315003fc26f0e3d658ef2dcd9c1170e86edc19b82167cc7337bf66073ac_amd64",
"product": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:fdfff315003fc26f0e3d658ef2dcd9c1170e86edc19b82167cc7337bf66073ac_amd64",
"product_id": "ocs4/ocs-must-gather-rhel8@sha256:fdfff315003fc26f0e3d658ef2dcd9c1170e86edc19b82167cc7337bf66073ac_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:fdfff315003fc26f0e3d658ef2dcd9c1170e86edc19b82167cc7337bf66073ac?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/ocs-must-gather-rhel8\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-operator-bundle@sha256:bb2bb0ff78e1907d076e6bbc6be8334a01564ccc8a8759940b3dc22a21806480_amd64",
"product": {
"name": "ocs4/ocs-operator-bundle@sha256:bb2bb0ff78e1907d076e6bbc6be8334a01564ccc8a8759940b3dc22a21806480_amd64",
"product_id": "ocs4/ocs-operator-bundle@sha256:bb2bb0ff78e1907d076e6bbc6be8334a01564ccc8a8759940b3dc22a21806480_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:bb2bb0ff78e1907d076e6bbc6be8334a01564ccc8a8759940b3dc22a21806480?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/ocs-operator-bundle\u0026tag=v4.8.5-2"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-rhel8-operator@sha256:55ff36cb2997f4c0f8577cf01269b1ee07f48be9919f956ca19b98232c8f80fa_amd64",
"product": {
"name": "ocs4/ocs-rhel8-operator@sha256:55ff36cb2997f4c0f8577cf01269b1ee07f48be9919f956ca19b98232c8f80fa_amd64",
"product_id": "ocs4/ocs-rhel8-operator@sha256:55ff36cb2997f4c0f8577cf01269b1ee07f48be9919f956ca19b98232c8f80fa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:55ff36cb2997f4c0f8577cf01269b1ee07f48be9919f956ca19b98232c8f80fa?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/ocs-rhel8-operator\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/rook-ceph-rhel8-operator@sha256:510ae280b26fd8c80d4ecf067e6cf45bfd3fa60ff02755f184a9fd3af84f5803_amd64",
"product": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:510ae280b26fd8c80d4ecf067e6cf45bfd3fa60ff02755f184a9fd3af84f5803_amd64",
"product_id": "ocs4/rook-ceph-rhel8-operator@sha256:510ae280b26fd8c80d4ecf067e6cf45bfd3fa60ff02755f184a9fd3af84f5803_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:510ae280b26fd8c80d4ecf067e6cf45bfd3fa60ff02755f184a9fd3af84f5803?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/rook-ceph-rhel8-operator\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/volume-replication-rhel8-operator@sha256:8cee9ae2918bda1c7c54f13ab04e2c97f7647ab63e213009000064d1b2f2620b_amd64",
"product": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:8cee9ae2918bda1c7c54f13ab04e2c97f7647ab63e213009000064d1b2f2620b_amd64",
"product_id": "ocs4/volume-replication-rhel8-operator@sha256:8cee9ae2918bda1c7c54f13ab04e2c97f7647ab63e213009000064d1b2f2620b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/volume-replication-rhel8-operator@sha256:8cee9ae2918bda1c7c54f13ab04e2c97f7647ab63e213009000064d1b2f2620b?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/volume-replication-rhel8-operator\u0026tag=v4.8.5-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "ocs4/cephcsi-rhel8@sha256:68e729386a00aa7a72df0f39ef4c9883afd27b6c8467bc0315f5819b8acb2aca_s390x",
"product": {
"name": "ocs4/cephcsi-rhel8@sha256:68e729386a00aa7a72df0f39ef4c9883afd27b6c8467bc0315f5819b8acb2aca_s390x",
"product_id": "ocs4/cephcsi-rhel8@sha256:68e729386a00aa7a72df0f39ef4c9883afd27b6c8467bc0315f5819b8acb2aca_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:68e729386a00aa7a72df0f39ef4c9883afd27b6c8467bc0315f5819b8acb2aca?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/cephcsi-rhel8\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-core-rhel8@sha256:3ee72d4b1bcf14be1667f074c23b973c9d7c28e9383fff1b9ce31b72522c8c90_s390x",
"product": {
"name": "ocs4/mcg-core-rhel8@sha256:3ee72d4b1bcf14be1667f074c23b973c9d7c28e9383fff1b9ce31b72522c8c90_s390x",
"product_id": "ocs4/mcg-core-rhel8@sha256:3ee72d4b1bcf14be1667f074c23b973c9d7c28e9383fff1b9ce31b72522c8c90_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:3ee72d4b1bcf14be1667f074c23b973c9d7c28e9383fff1b9ce31b72522c8c90?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/mcg-core-rhel8\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-rhel8-operator@sha256:43305259b7d78624c9b0ff72bfeea6a7b26c61b71bac9a80cf5e90a18dd22b4d_s390x",
"product": {
"name": "ocs4/mcg-rhel8-operator@sha256:43305259b7d78624c9b0ff72bfeea6a7b26c61b71bac9a80cf5e90a18dd22b4d_s390x",
"product_id": "ocs4/mcg-rhel8-operator@sha256:43305259b7d78624c9b0ff72bfeea6a7b26c61b71bac9a80cf5e90a18dd22b4d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:43305259b7d78624c9b0ff72bfeea6a7b26c61b71bac9a80cf5e90a18dd22b4d?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/mcg-rhel8-operator\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-must-gather-rhel8@sha256:10cca274f71b89fb078a832cb17a2986b67db048eb415970359f0ec53251701a_s390x",
"product": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:10cca274f71b89fb078a832cb17a2986b67db048eb415970359f0ec53251701a_s390x",
"product_id": "ocs4/ocs-must-gather-rhel8@sha256:10cca274f71b89fb078a832cb17a2986b67db048eb415970359f0ec53251701a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:10cca274f71b89fb078a832cb17a2986b67db048eb415970359f0ec53251701a?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/ocs-must-gather-rhel8\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-operator-bundle@sha256:b8c1d24ad2dd16318c181e367afe3e32c3066e8ef42d995fe8826c365f6f6c30_s390x",
"product": {
"name": "ocs4/ocs-operator-bundle@sha256:b8c1d24ad2dd16318c181e367afe3e32c3066e8ef42d995fe8826c365f6f6c30_s390x",
"product_id": "ocs4/ocs-operator-bundle@sha256:b8c1d24ad2dd16318c181e367afe3e32c3066e8ef42d995fe8826c365f6f6c30_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:b8c1d24ad2dd16318c181e367afe3e32c3066e8ef42d995fe8826c365f6f6c30?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/ocs-operator-bundle\u0026tag=v4.8.5-2"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-rhel8-operator@sha256:9bd7d60037241e67bd5851ec2314a9c4a6ab0f3535c95b9343254cca948f99fb_s390x",
"product": {
"name": "ocs4/ocs-rhel8-operator@sha256:9bd7d60037241e67bd5851ec2314a9c4a6ab0f3535c95b9343254cca948f99fb_s390x",
"product_id": "ocs4/ocs-rhel8-operator@sha256:9bd7d60037241e67bd5851ec2314a9c4a6ab0f3535c95b9343254cca948f99fb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:9bd7d60037241e67bd5851ec2314a9c4a6ab0f3535c95b9343254cca948f99fb?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/ocs-rhel8-operator\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/rook-ceph-rhel8-operator@sha256:16a37a40f4748821032a5f46dc13088572883bd68e97ca52f34a5ed6fe866721_s390x",
"product": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:16a37a40f4748821032a5f46dc13088572883bd68e97ca52f34a5ed6fe866721_s390x",
"product_id": "ocs4/rook-ceph-rhel8-operator@sha256:16a37a40f4748821032a5f46dc13088572883bd68e97ca52f34a5ed6fe866721_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:16a37a40f4748821032a5f46dc13088572883bd68e97ca52f34a5ed6fe866721?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/rook-ceph-rhel8-operator\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/volume-replication-rhel8-operator@sha256:e4b29d0a61df79ddf4a9b83b51841ce6a0752280844e7fe925fdda208abe1d5d_s390x",
"product": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:e4b29d0a61df79ddf4a9b83b51841ce6a0752280844e7fe925fdda208abe1d5d_s390x",
"product_id": "ocs4/volume-replication-rhel8-operator@sha256:e4b29d0a61df79ddf4a9b83b51841ce6a0752280844e7fe925fdda208abe1d5d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/volume-replication-rhel8-operator@sha256:e4b29d0a61df79ddf4a9b83b51841ce6a0752280844e7fe925fdda208abe1d5d?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/volume-replication-rhel8-operator\u0026tag=v4.8.5-1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ocs4/cephcsi-rhel8@sha256:4ea3fd6255de9599012265cb872d90635afa34c5e7e23381705094d121008f81_ppc64le",
"product": {
"name": "ocs4/cephcsi-rhel8@sha256:4ea3fd6255de9599012265cb872d90635afa34c5e7e23381705094d121008f81_ppc64le",
"product_id": "ocs4/cephcsi-rhel8@sha256:4ea3fd6255de9599012265cb872d90635afa34c5e7e23381705094d121008f81_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:4ea3fd6255de9599012265cb872d90635afa34c5e7e23381705094d121008f81?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/cephcsi-rhel8\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-core-rhel8@sha256:93e5e2edf30dc154487b8139f87db3db326bf1ad264ed3ea55a0267243462d65_ppc64le",
"product": {
"name": "ocs4/mcg-core-rhel8@sha256:93e5e2edf30dc154487b8139f87db3db326bf1ad264ed3ea55a0267243462d65_ppc64le",
"product_id": "ocs4/mcg-core-rhel8@sha256:93e5e2edf30dc154487b8139f87db3db326bf1ad264ed3ea55a0267243462d65_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:93e5e2edf30dc154487b8139f87db3db326bf1ad264ed3ea55a0267243462d65?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/mcg-core-rhel8\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-rhel8-operator@sha256:2c061f8784af676fa7bf65a8d908a87f179e58adae06b3ed6c62be82898601ad_ppc64le",
"product": {
"name": "ocs4/mcg-rhel8-operator@sha256:2c061f8784af676fa7bf65a8d908a87f179e58adae06b3ed6c62be82898601ad_ppc64le",
"product_id": "ocs4/mcg-rhel8-operator@sha256:2c061f8784af676fa7bf65a8d908a87f179e58adae06b3ed6c62be82898601ad_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:2c061f8784af676fa7bf65a8d908a87f179e58adae06b3ed6c62be82898601ad?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/mcg-rhel8-operator\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-must-gather-rhel8@sha256:210d1925e2b0e9aed7f493adbd826cf160960e3fb495d594f1936526475f676d_ppc64le",
"product": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:210d1925e2b0e9aed7f493adbd826cf160960e3fb495d594f1936526475f676d_ppc64le",
"product_id": "ocs4/ocs-must-gather-rhel8@sha256:210d1925e2b0e9aed7f493adbd826cf160960e3fb495d594f1936526475f676d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:210d1925e2b0e9aed7f493adbd826cf160960e3fb495d594f1936526475f676d?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/ocs-must-gather-rhel8\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-operator-bundle@sha256:a53d78d089e6dacf11f30aad03664271a0d28dd7b27f5f53ac3579c1521d2859_ppc64le",
"product": {
"name": "ocs4/ocs-operator-bundle@sha256:a53d78d089e6dacf11f30aad03664271a0d28dd7b27f5f53ac3579c1521d2859_ppc64le",
"product_id": "ocs4/ocs-operator-bundle@sha256:a53d78d089e6dacf11f30aad03664271a0d28dd7b27f5f53ac3579c1521d2859_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:a53d78d089e6dacf11f30aad03664271a0d28dd7b27f5f53ac3579c1521d2859?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/ocs-operator-bundle\u0026tag=v4.8.5-2"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-rhel8-operator@sha256:4c5a84f576df02e526ae4dd5bc9756919b0c6c52c0a14fb88025403cf1fa0be8_ppc64le",
"product": {
"name": "ocs4/ocs-rhel8-operator@sha256:4c5a84f576df02e526ae4dd5bc9756919b0c6c52c0a14fb88025403cf1fa0be8_ppc64le",
"product_id": "ocs4/ocs-rhel8-operator@sha256:4c5a84f576df02e526ae4dd5bc9756919b0c6c52c0a14fb88025403cf1fa0be8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:4c5a84f576df02e526ae4dd5bc9756919b0c6c52c0a14fb88025403cf1fa0be8?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/ocs-rhel8-operator\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/rook-ceph-rhel8-operator@sha256:ca16ca4107aa91a40d0d1ab91352968a014a0eac1a02b680cca5730e7f261f6e_ppc64le",
"product": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:ca16ca4107aa91a40d0d1ab91352968a014a0eac1a02b680cca5730e7f261f6e_ppc64le",
"product_id": "ocs4/rook-ceph-rhel8-operator@sha256:ca16ca4107aa91a40d0d1ab91352968a014a0eac1a02b680cca5730e7f261f6e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:ca16ca4107aa91a40d0d1ab91352968a014a0eac1a02b680cca5730e7f261f6e?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/rook-ceph-rhel8-operator\u0026tag=v4.8.5-1"
}
}
},
{
"category": "product_version",
"name": "ocs4/volume-replication-rhel8-operator@sha256:27d96c0f0f138e4703215212b109763488524003e4ceda60e47705c94cf750c6_ppc64le",
"product": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:27d96c0f0f138e4703215212b109763488524003e4ceda60e47705c94cf750c6_ppc64le",
"product_id": "ocs4/volume-replication-rhel8-operator@sha256:27d96c0f0f138e4703215212b109763488524003e4ceda60e47705c94cf750c6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/volume-replication-rhel8-operator@sha256:27d96c0f0f138e4703215212b109763488524003e4ceda60e47705c94cf750c6?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/volume-replication-rhel8-operator\u0026tag=v4.8.5-1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/cephcsi-rhel8@sha256:4ea3fd6255de9599012265cb872d90635afa34c5e7e23381705094d121008f81_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:4ea3fd6255de9599012265cb872d90635afa34c5e7e23381705094d121008f81_ppc64le"
},
"product_reference": "ocs4/cephcsi-rhel8@sha256:4ea3fd6255de9599012265cb872d90635afa34c5e7e23381705094d121008f81_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/cephcsi-rhel8@sha256:68e729386a00aa7a72df0f39ef4c9883afd27b6c8467bc0315f5819b8acb2aca_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:68e729386a00aa7a72df0f39ef4c9883afd27b6c8467bc0315f5819b8acb2aca_s390x"
},
"product_reference": "ocs4/cephcsi-rhel8@sha256:68e729386a00aa7a72df0f39ef4c9883afd27b6c8467bc0315f5819b8acb2aca_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/cephcsi-rhel8@sha256:9847850dd6cb4526b63e964a44df52968a2377964c3b5535fca82a75b58a3e49_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:9847850dd6cb4526b63e964a44df52968a2377964c3b5535fca82a75b58a3e49_amd64"
},
"product_reference": "ocs4/cephcsi-rhel8@sha256:9847850dd6cb4526b63e964a44df52968a2377964c3b5535fca82a75b58a3e49_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-core-rhel8@sha256:3ee72d4b1bcf14be1667f074c23b973c9d7c28e9383fff1b9ce31b72522c8c90_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3ee72d4b1bcf14be1667f074c23b973c9d7c28e9383fff1b9ce31b72522c8c90_s390x"
},
"product_reference": "ocs4/mcg-core-rhel8@sha256:3ee72d4b1bcf14be1667f074c23b973c9d7c28e9383fff1b9ce31b72522c8c90_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-core-rhel8@sha256:93e5e2edf30dc154487b8139f87db3db326bf1ad264ed3ea55a0267243462d65_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:93e5e2edf30dc154487b8139f87db3db326bf1ad264ed3ea55a0267243462d65_ppc64le"
},
"product_reference": "ocs4/mcg-core-rhel8@sha256:93e5e2edf30dc154487b8139f87db3db326bf1ad264ed3ea55a0267243462d65_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-core-rhel8@sha256:afc714048ba7bb0548ae2ca622c9e0c5c350d9e06a8c4d0f9418821dfb44c952_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:afc714048ba7bb0548ae2ca622c9e0c5c350d9e06a8c4d0f9418821dfb44c952_amd64"
},
"product_reference": "ocs4/mcg-core-rhel8@sha256:afc714048ba7bb0548ae2ca622c9e0c5c350d9e06a8c4d0f9418821dfb44c952_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-rhel8-operator@sha256:2c061f8784af676fa7bf65a8d908a87f179e58adae06b3ed6c62be82898601ad_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:2c061f8784af676fa7bf65a8d908a87f179e58adae06b3ed6c62be82898601ad_ppc64le"
},
"product_reference": "ocs4/mcg-rhel8-operator@sha256:2c061f8784af676fa7bf65a8d908a87f179e58adae06b3ed6c62be82898601ad_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-rhel8-operator@sha256:43305259b7d78624c9b0ff72bfeea6a7b26c61b71bac9a80cf5e90a18dd22b4d_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:43305259b7d78624c9b0ff72bfeea6a7b26c61b71bac9a80cf5e90a18dd22b4d_s390x"
},
"product_reference": "ocs4/mcg-rhel8-operator@sha256:43305259b7d78624c9b0ff72bfeea6a7b26c61b71bac9a80cf5e90a18dd22b4d_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-rhel8-operator@sha256:6e5e21dd36690fa1b5712899af2e2b5a402f326fc8ef8c941c708941f057ea47_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:6e5e21dd36690fa1b5712899af2e2b5a402f326fc8ef8c941c708941f057ea47_amd64"
},
"product_reference": "ocs4/mcg-rhel8-operator@sha256:6e5e21dd36690fa1b5712899af2e2b5a402f326fc8ef8c941c708941f057ea47_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:10cca274f71b89fb078a832cb17a2986b67db048eb415970359f0ec53251701a_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:10cca274f71b89fb078a832cb17a2986b67db048eb415970359f0ec53251701a_s390x"
},
"product_reference": "ocs4/ocs-must-gather-rhel8@sha256:10cca274f71b89fb078a832cb17a2986b67db048eb415970359f0ec53251701a_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:210d1925e2b0e9aed7f493adbd826cf160960e3fb495d594f1936526475f676d_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:210d1925e2b0e9aed7f493adbd826cf160960e3fb495d594f1936526475f676d_ppc64le"
},
"product_reference": "ocs4/ocs-must-gather-rhel8@sha256:210d1925e2b0e9aed7f493adbd826cf160960e3fb495d594f1936526475f676d_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:fdfff315003fc26f0e3d658ef2dcd9c1170e86edc19b82167cc7337bf66073ac_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:fdfff315003fc26f0e3d658ef2dcd9c1170e86edc19b82167cc7337bf66073ac_amd64"
},
"product_reference": "ocs4/ocs-must-gather-rhel8@sha256:fdfff315003fc26f0e3d658ef2dcd9c1170e86edc19b82167cc7337bf66073ac_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-operator-bundle@sha256:a53d78d089e6dacf11f30aad03664271a0d28dd7b27f5f53ac3579c1521d2859_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:a53d78d089e6dacf11f30aad03664271a0d28dd7b27f5f53ac3579c1521d2859_ppc64le"
},
"product_reference": "ocs4/ocs-operator-bundle@sha256:a53d78d089e6dacf11f30aad03664271a0d28dd7b27f5f53ac3579c1521d2859_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-operator-bundle@sha256:b8c1d24ad2dd16318c181e367afe3e32c3066e8ef42d995fe8826c365f6f6c30_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:b8c1d24ad2dd16318c181e367afe3e32c3066e8ef42d995fe8826c365f6f6c30_s390x"
},
"product_reference": "ocs4/ocs-operator-bundle@sha256:b8c1d24ad2dd16318c181e367afe3e32c3066e8ef42d995fe8826c365f6f6c30_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-operator-bundle@sha256:bb2bb0ff78e1907d076e6bbc6be8334a01564ccc8a8759940b3dc22a21806480_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:bb2bb0ff78e1907d076e6bbc6be8334a01564ccc8a8759940b3dc22a21806480_amd64"
},
"product_reference": "ocs4/ocs-operator-bundle@sha256:bb2bb0ff78e1907d076e6bbc6be8334a01564ccc8a8759940b3dc22a21806480_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-rhel8-operator@sha256:4c5a84f576df02e526ae4dd5bc9756919b0c6c52c0a14fb88025403cf1fa0be8_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:4c5a84f576df02e526ae4dd5bc9756919b0c6c52c0a14fb88025403cf1fa0be8_ppc64le"
},
"product_reference": "ocs4/ocs-rhel8-operator@sha256:4c5a84f576df02e526ae4dd5bc9756919b0c6c52c0a14fb88025403cf1fa0be8_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-rhel8-operator@sha256:55ff36cb2997f4c0f8577cf01269b1ee07f48be9919f956ca19b98232c8f80fa_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:55ff36cb2997f4c0f8577cf01269b1ee07f48be9919f956ca19b98232c8f80fa_amd64"
},
"product_reference": "ocs4/ocs-rhel8-operator@sha256:55ff36cb2997f4c0f8577cf01269b1ee07f48be9919f956ca19b98232c8f80fa_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-rhel8-operator@sha256:9bd7d60037241e67bd5851ec2314a9c4a6ab0f3535c95b9343254cca948f99fb_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:9bd7d60037241e67bd5851ec2314a9c4a6ab0f3535c95b9343254cca948f99fb_s390x"
},
"product_reference": "ocs4/ocs-rhel8-operator@sha256:9bd7d60037241e67bd5851ec2314a9c4a6ab0f3535c95b9343254cca948f99fb_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:16a37a40f4748821032a5f46dc13088572883bd68e97ca52f34a5ed6fe866721_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:16a37a40f4748821032a5f46dc13088572883bd68e97ca52f34a5ed6fe866721_s390x"
},
"product_reference": "ocs4/rook-ceph-rhel8-operator@sha256:16a37a40f4748821032a5f46dc13088572883bd68e97ca52f34a5ed6fe866721_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:510ae280b26fd8c80d4ecf067e6cf45bfd3fa60ff02755f184a9fd3af84f5803_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:510ae280b26fd8c80d4ecf067e6cf45bfd3fa60ff02755f184a9fd3af84f5803_amd64"
},
"product_reference": "ocs4/rook-ceph-rhel8-operator@sha256:510ae280b26fd8c80d4ecf067e6cf45bfd3fa60ff02755f184a9fd3af84f5803_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:ca16ca4107aa91a40d0d1ab91352968a014a0eac1a02b680cca5730e7f261f6e_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ca16ca4107aa91a40d0d1ab91352968a014a0eac1a02b680cca5730e7f261f6e_ppc64le"
},
"product_reference": "ocs4/rook-ceph-rhel8-operator@sha256:ca16ca4107aa91a40d0d1ab91352968a014a0eac1a02b680cca5730e7f261f6e_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:27d96c0f0f138e4703215212b109763488524003e4ceda60e47705c94cf750c6_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:27d96c0f0f138e4703215212b109763488524003e4ceda60e47705c94cf750c6_ppc64le"
},
"product_reference": "ocs4/volume-replication-rhel8-operator@sha256:27d96c0f0f138e4703215212b109763488524003e4ceda60e47705c94cf750c6_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:8cee9ae2918bda1c7c54f13ab04e2c97f7647ab63e213009000064d1b2f2620b_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:8cee9ae2918bda1c7c54f13ab04e2c97f7647ab63e213009000064d1b2f2620b_amd64"
},
"product_reference": "ocs4/volume-replication-rhel8-operator@sha256:8cee9ae2918bda1c7c54f13ab04e2c97f7647ab63e213009000064d1b2f2620b_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:e4b29d0a61df79ddf4a9b83b51841ce6a0752280844e7fe925fdda208abe1d5d_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:e4b29d0a61df79ddf4a9b83b51841ce6a0752280844e7fe925fdda208abe1d5d_s390x"
},
"product_reference": "ocs4/volume-replication-rhel8-operator@sha256:e4b29d0a61df79ddf4a9b83b51841ce6a0752280844e7fe925fdda208abe1d5d_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-26301",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2021-09-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2006958"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-ssh2. An OS command injection attack on Windows allows an attacker to perform remote code execution and potentially execute arbitrary code. The highest threat from this vulnerability is to confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-ssh2: Command injection by calling vulnerable method with untrusted input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects ssh2 as shipped with all versions of Red Hat Openshift Container Storage and Red Hat Openshift Data Foundations. However, this flaw requires a Windows based attack, and therefore, the impact is adjusted accordingly to a moderate risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:4ea3fd6255de9599012265cb872d90635afa34c5e7e23381705094d121008f81_ppc64le",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:68e729386a00aa7a72df0f39ef4c9883afd27b6c8467bc0315f5819b8acb2aca_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:9847850dd6cb4526b63e964a44df52968a2377964c3b5535fca82a75b58a3e49_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3ee72d4b1bcf14be1667f074c23b973c9d7c28e9383fff1b9ce31b72522c8c90_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:93e5e2edf30dc154487b8139f87db3db326bf1ad264ed3ea55a0267243462d65_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:afc714048ba7bb0548ae2ca622c9e0c5c350d9e06a8c4d0f9418821dfb44c952_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:2c061f8784af676fa7bf65a8d908a87f179e58adae06b3ed6c62be82898601ad_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:43305259b7d78624c9b0ff72bfeea6a7b26c61b71bac9a80cf5e90a18dd22b4d_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:6e5e21dd36690fa1b5712899af2e2b5a402f326fc8ef8c941c708941f057ea47_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:10cca274f71b89fb078a832cb17a2986b67db048eb415970359f0ec53251701a_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:210d1925e2b0e9aed7f493adbd826cf160960e3fb495d594f1936526475f676d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:fdfff315003fc26f0e3d658ef2dcd9c1170e86edc19b82167cc7337bf66073ac_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:a53d78d089e6dacf11f30aad03664271a0d28dd7b27f5f53ac3579c1521d2859_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:b8c1d24ad2dd16318c181e367afe3e32c3066e8ef42d995fe8826c365f6f6c30_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:bb2bb0ff78e1907d076e6bbc6be8334a01564ccc8a8759940b3dc22a21806480_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:4c5a84f576df02e526ae4dd5bc9756919b0c6c52c0a14fb88025403cf1fa0be8_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:55ff36cb2997f4c0f8577cf01269b1ee07f48be9919f956ca19b98232c8f80fa_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:9bd7d60037241e67bd5851ec2314a9c4a6ab0f3535c95b9343254cca948f99fb_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:16a37a40f4748821032a5f46dc13088572883bd68e97ca52f34a5ed6fe866721_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:510ae280b26fd8c80d4ecf067e6cf45bfd3fa60ff02755f184a9fd3af84f5803_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ca16ca4107aa91a40d0d1ab91352968a014a0eac1a02b680cca5730e7f261f6e_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:27d96c0f0f138e4703215212b109763488524003e4ceda60e47705c94cf750c6_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:8cee9ae2918bda1c7c54f13ab04e2c97f7647ab63e213009000064d1b2f2620b_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:e4b29d0a61df79ddf4a9b83b51841ce6a0752280844e7fe925fdda208abe1d5d_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26301"
},
{
"category": "external",
"summary": "RHBZ#2006958",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006958"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26301",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26301"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26301",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26301"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2020-123-mscdex-ssh2/",
"url": "https://securitylab.github.com/advisories/GHSL-2020-123-mscdex-ssh2/"
}
],
"release_date": "2021-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-29T13:24:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:4ea3fd6255de9599012265cb872d90635afa34c5e7e23381705094d121008f81_ppc64le",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:68e729386a00aa7a72df0f39ef4c9883afd27b6c8467bc0315f5819b8acb2aca_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:9847850dd6cb4526b63e964a44df52968a2377964c3b5535fca82a75b58a3e49_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3ee72d4b1bcf14be1667f074c23b973c9d7c28e9383fff1b9ce31b72522c8c90_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:93e5e2edf30dc154487b8139f87db3db326bf1ad264ed3ea55a0267243462d65_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:afc714048ba7bb0548ae2ca622c9e0c5c350d9e06a8c4d0f9418821dfb44c952_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:2c061f8784af676fa7bf65a8d908a87f179e58adae06b3ed6c62be82898601ad_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:43305259b7d78624c9b0ff72bfeea6a7b26c61b71bac9a80cf5e90a18dd22b4d_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:6e5e21dd36690fa1b5712899af2e2b5a402f326fc8ef8c941c708941f057ea47_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:10cca274f71b89fb078a832cb17a2986b67db048eb415970359f0ec53251701a_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:210d1925e2b0e9aed7f493adbd826cf160960e3fb495d594f1936526475f676d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:fdfff315003fc26f0e3d658ef2dcd9c1170e86edc19b82167cc7337bf66073ac_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:a53d78d089e6dacf11f30aad03664271a0d28dd7b27f5f53ac3579c1521d2859_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:b8c1d24ad2dd16318c181e367afe3e32c3066e8ef42d995fe8826c365f6f6c30_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:bb2bb0ff78e1907d076e6bbc6be8334a01564ccc8a8759940b3dc22a21806480_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:4c5a84f576df02e526ae4dd5bc9756919b0c6c52c0a14fb88025403cf1fa0be8_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:55ff36cb2997f4c0f8577cf01269b1ee07f48be9919f956ca19b98232c8f80fa_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:9bd7d60037241e67bd5851ec2314a9c4a6ab0f3535c95b9343254cca948f99fb_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:16a37a40f4748821032a5f46dc13088572883bd68e97ca52f34a5ed6fe866721_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:510ae280b26fd8c80d4ecf067e6cf45bfd3fa60ff02755f184a9fd3af84f5803_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ca16ca4107aa91a40d0d1ab91352968a014a0eac1a02b680cca5730e7f261f6e_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:27d96c0f0f138e4703215212b109763488524003e4ceda60e47705c94cf750c6_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:8cee9ae2918bda1c7c54f13ab04e2c97f7647ab63e213009000064d1b2f2620b_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:e4b29d0a61df79ddf4a9b83b51841ce6a0752280844e7fe925fdda208abe1d5d_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4845"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:4ea3fd6255de9599012265cb872d90635afa34c5e7e23381705094d121008f81_ppc64le",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:68e729386a00aa7a72df0f39ef4c9883afd27b6c8467bc0315f5819b8acb2aca_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:9847850dd6cb4526b63e964a44df52968a2377964c3b5535fca82a75b58a3e49_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3ee72d4b1bcf14be1667f074c23b973c9d7c28e9383fff1b9ce31b72522c8c90_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:93e5e2edf30dc154487b8139f87db3db326bf1ad264ed3ea55a0267243462d65_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:afc714048ba7bb0548ae2ca622c9e0c5c350d9e06a8c4d0f9418821dfb44c952_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:2c061f8784af676fa7bf65a8d908a87f179e58adae06b3ed6c62be82898601ad_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:43305259b7d78624c9b0ff72bfeea6a7b26c61b71bac9a80cf5e90a18dd22b4d_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:6e5e21dd36690fa1b5712899af2e2b5a402f326fc8ef8c941c708941f057ea47_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:10cca274f71b89fb078a832cb17a2986b67db048eb415970359f0ec53251701a_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:210d1925e2b0e9aed7f493adbd826cf160960e3fb495d594f1936526475f676d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:fdfff315003fc26f0e3d658ef2dcd9c1170e86edc19b82167cc7337bf66073ac_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:a53d78d089e6dacf11f30aad03664271a0d28dd7b27f5f53ac3579c1521d2859_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:b8c1d24ad2dd16318c181e367afe3e32c3066e8ef42d995fe8826c365f6f6c30_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:bb2bb0ff78e1907d076e6bbc6be8334a01564ccc8a8759940b3dc22a21806480_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:4c5a84f576df02e526ae4dd5bc9756919b0c6c52c0a14fb88025403cf1fa0be8_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:55ff36cb2997f4c0f8577cf01269b1ee07f48be9919f956ca19b98232c8f80fa_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:9bd7d60037241e67bd5851ec2314a9c4a6ab0f3535c95b9343254cca948f99fb_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:16a37a40f4748821032a5f46dc13088572883bd68e97ca52f34a5ed6fe866721_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:510ae280b26fd8c80d4ecf067e6cf45bfd3fa60ff02755f184a9fd3af84f5803_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ca16ca4107aa91a40d0d1ab91352968a014a0eac1a02b680cca5730e7f261f6e_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:27d96c0f0f138e4703215212b109763488524003e4ceda60e47705c94cf750c6_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:8cee9ae2918bda1c7c54f13ab04e2c97f7647ab63e213009000064d1b2f2620b_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:e4b29d0a61df79ddf4a9b83b51841ce6a0752280844e7fe925fdda208abe1d5d_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-ssh2: Command injection by calling vulnerable method with untrusted input"
}
]
}
CVE-2020-26301
Vulnerability from fkie_nvd
Published
2021-09-20 20:15
Modified
2024-11-21 05:19
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/mscdex/ssh2/commit/f763271f41320e71d5cbee02ea5bc6a2ded3ca21 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://securitylab.github.com/advisories/GHSL-2020-123-mscdex-ssh2/ | Exploit, Patch, Third Party Advisory | |
| security-advisories@github.com | https://www.npmjs.com/package/ssh2 | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mscdex/ssh2/commit/f763271f41320e71d5cbee02ea5bc6a2ded3ca21 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://securitylab.github.com/advisories/GHSL-2020-123-mscdex-ssh2/ | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.npmjs.com/package/ssh2 | Product, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ssh2_project | ssh2 | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ssh2_project:ssh2:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "9A046B48-27ED-41C9-876A-07D1CC226B4A",
"versionEndExcluding": "1.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0."
},
{
"lang": "es",
"value": "ssh2 es un m\u00f3dulo cliente y servidor escrito en JavaScript puro para node.js. En ssh2 versiones anteriores a 1.4.0, se presenta una vulnerabilidad de inyecci\u00f3n de comandos. El problema s\u00f3lo se presenta en Windows. Este problema puede conllevar una ejecuci\u00f3n de c\u00f3digo remota si un cliente de la biblioteca llama al m\u00e9todo vulnerable con una entrada no fiable. Esto es corregido en la versi\u00f3n 1.4.0"
}
],
"id": "CVE-2020-26301",
"lastModified": "2024-11-21T05:19:48.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-20T20:15:11.513",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mscdex/ssh2/commit/f763271f41320e71d5cbee02ea5bc6a2ded3ca21"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://securitylab.github.com/advisories/GHSL-2020-123-mscdex-ssh2/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.npmjs.com/package/ssh2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mscdex/ssh2/commit/f763271f41320e71d5cbee02ea5bc6a2ded3ca21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://securitylab.github.com/advisories/GHSL-2020-123-mscdex-ssh2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.npmjs.com/package/ssh2"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
ghsa-652h-xwhf-q4h6
Vulnerability from github
Published
2021-09-21 16:50
Modified
2024-02-12 15:03
Severity ?
Summary
OS Command Injection in ssh2
Details
ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "ssh2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-26301"
],
"database_specific": {
"cwe_ids": [
"CWE-78"
],
"github_reviewed": true,
"github_reviewed_at": "2021-09-21T14:50:54Z",
"nvd_published_at": "2021-09-20T20:15:00Z",
"severity": "HIGH"
},
"details": "ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0.",
"id": "GHSA-652h-xwhf-q4h6",
"modified": "2024-02-12T15:03:29Z",
"published": "2021-09-21T16:50:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26301"
},
{
"type": "WEB",
"url": "https://github.com/mscdex/ssh2/commit/f763271f41320e71d5cbee02ea5bc6a2ded3ca21"
},
{
"type": "PACKAGE",
"url": "https://github.com/mscdex/ssh2"
},
{
"type": "ADVISORY",
"url": "https://securitylab.github.com/advisories/GHSL-2020-123-mscdex-ssh2"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/package/ssh2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "OS Command Injection in ssh2"
}
gsd-2020-26301
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-26301",
"description": "ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0.",
"id": "GSD-2020-26301",
"references": [
"https://access.redhat.com/errata/RHSA-2021:4845"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-26301"
],
"details": "ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0.",
"id": "GSD-2020-26301",
"modified": "2023-12-13T01:22:08.801452Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-26301",
"STATE": "PUBLIC",
"TITLE": "Command injection in mscdex/ssh2"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ssh2",
"version": {
"version_data": [
{
"version_value": "\u003c 1.4.0"
}
]
}
}
]
},
"vendor_name": "mscdex"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mscdex/ssh2/commit/f763271f41320e71d5cbee02ea5bc6a2ded3ca21",
"refsource": "MISC",
"url": "https://github.com/mscdex/ssh2/commit/f763271f41320e71d5cbee02ea5bc6a2ded3ca21"
},
{
"name": "https://securitylab.github.com/advisories/GHSL-2020-123-mscdex-ssh2/",
"refsource": "CONFIRM",
"url": "https://securitylab.github.com/advisories/GHSL-2020-123-mscdex-ssh2/"
},
{
"name": "https://www.npmjs.com/package/ssh2",
"refsource": "MISC",
"url": "https://www.npmjs.com/package/ssh2"
}
]
},
"source": {
"advisory": "GHSL-2020-123",
"discovery": "INTERNAL"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c1.4.0",
"affected_versions": "All versions before 1.4.0",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-78",
"CWE-937"
],
"date": "2021-09-21",
"description": "ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed ",
"fixed_versions": [
"1.4.0"
],
"identifier": "CVE-2020-26301",
"identifiers": [
"GHSA-652h-xwhf-q4h6",
"CVE-2020-26301"
],
"not_impacted": "All versions starting from 1.4.0",
"package_slug": "npm/ssh2",
"pubdate": "2021-09-21",
"solution": "Upgrade to version 1.4.0 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-26301",
"https://github.com/mscdex/ssh2/commit/f763271f41320e71d5cbee02ea5bc6a2ded3ca21",
"https://securitylab.github.com/advisories/GHSL-2020-123-mscdex-ssh2/",
"https://www.npmjs.com/package/ssh2",
"https://github.com/advisories/GHSA-652h-xwhf-q4h6"
],
"uuid": "03bc13b4-8a02-4d48-a05f-9d4b033b2a15"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ssh2_project:ssh2:*:*:*:*:*:node.js:*:*",
"cpe_name": [],
"versionEndExcluding": "1.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-26301"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2020-123-mscdex-ssh2/",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://securitylab.github.com/advisories/GHSL-2020-123-mscdex-ssh2/"
},
{
"name": "https://github.com/mscdex/ssh2/commit/f763271f41320e71d5cbee02ea5bc6a2ded3ca21",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mscdex/ssh2/commit/f763271f41320e71d5cbee02ea5bc6a2ded3ca21"
},
{
"name": "https://www.npmjs.com/package/ssh2",
"refsource": "MISC",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.npmjs.com/package/ssh2"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
},
"lastModifiedDate": "2021-10-01T13:55Z",
"publishedDate": "2021-09-20T20:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.