Action not permitted
Modal body text goes here.
CVE-2021-20206
Vulnerability from cvelistv5
Published
2021-03-26 21:34
Modified
2024-08-03 17:30
Severity
Summary
An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
References
Source | URL | Tags |
---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1919391 | Issue Tracking, Third Party Advisory |
secalert@redhat.com | https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549 | Third Party Advisory |
Impacted products
Vendor | Product |
---|---|
n/a | containernetworking-cni |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:30:07.575Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "containernetworking-cni", "vendor": "n/a", "versions": [ { "status": "affected", "version": "containernetworking/cni 0.8.1" } ] } ], "descriptions": [ { "lang": "en", "value": "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the \u0027type\u0027 field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as \u0027reboot\u0027. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20-\u003eCWE-22", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-26T21:34:58", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391" }, { "tags": [ "x_refsource_MISC" ], "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-20206", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "containernetworking-cni", "version": { "version_data": [ { "version_value": "containernetworking/cni 0.8.1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the \u0027type\u0027 field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as \u0027reboot\u0027. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20-\u003eCWE-22" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391" }, { "name": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-20206", "datePublished": "2021-03-26T21:34:58", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:30:07.575Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-20206\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2021-03-26T22:15:12.617\",\"lastModified\":\"2023-11-07T03:29:00.200\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the \u0027type\u0027 field in the network configuration, it is possible to use special elements such as \\\"../\\\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as \u0027reboot\u0027. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 una limitaci\u00f3n inapropiada del fallo en el nombre de la ruta en containernetworking/cni en versiones anteriores a 0.8.1.\u0026#xa0;Cuando se especifica el plugin a cargar en el campo \\\"type\\\" en la configuraci\u00f3n de red, es posible usar elementos especiales como separadores \\\"../\\\" para hacer referencia a binarios en otras partes del sistema.\u0026#xa0;Este fallo permite a un atacante ejecutar otros binarios existentes que no sean los plugins y tipos de cni, como \\\"reboot\\\".\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la confidencialidad, la integridad y la disponibilidad del sistema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":6.5},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:container_network_interface:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.8.1\",\"matchCriteriaId\":\"03195E86-5FBC-4A4B-AAE8-B0A4AF78BBFC\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1919391\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
rhsa-2021_1007
Vulnerability from csaf_redhat
Published
2021-04-05 13:39
Modified
2021-04-05 13:39
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.7.5 security and bug fix update
Notes
Topic
Red Hat OpenShift Container Platform release 4.7.5 is now available with
updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 4.7.5. See the following advisory for the container images for
this release:
https://access.redhat.com/errata/RHSA-2021:1005
All OpenShift Container Platform 4.7 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor
Security Fix(es):
* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
* containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Reports that has specified a retention should not be requeued in the sync handler (BZ#1929042)
* Placeholder bug for OCP 4.7.0 extras release (BZ#1944017)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 2023 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.7.5 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.7.5. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHSA-2021:1005\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Reports that has specified a retention should not be requeued in the sync handler (BZ#1929042)\n\n* Placeholder bug for OCP 4.7.0 extras release (BZ#1944017)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:1007", "url": "https://access.redhat.com/errata/RHSA-2021:1007" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_1007.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.7.5 security and bug fix update", "tracking": { "current_release_date": "2021-04-05T13:39:00Z", "generator": { "date": "2023-07-01T04:42:00Z", "engine": { "name": "Red Hat SDEngine", "version": "3.18.0" } }, "id": "RHSA-2021:1007", "initial_release_date": "2021-04-05T13:39:00Z", "revision_history": [ { "date": "2021-04-05T13:39:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.7", "product": { "name": "Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.7::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "category": "product_version", "name": "openshift4/kubernetes-nmstate-rhel8-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/kubernetes-nmstate-rhel8-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/kubernetes-nmstate-rhel8-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/network-tools-rhel8:v4.7.0-202103270649.p0", "product": { "name": "openshift4/network-tools-rhel8:v4.7.0-202103270649.p0", "product_id": "openshift4/network-tools-rhel8:v4.7.0-202103270649.p0" } }, { "category": "product_version", "name": "openshift4/ose-ansible-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-ansible-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-ansible-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-capacity:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-cluster-capacity:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-cluster-capacity:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-descheduler-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-cluster-kube-descheduler-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-cluster-kube-descheduler-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-clusterresourceoverride-rhel8-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-clusterresourceoverride-rhel8-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-clusterresourceoverride-rhel8-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-clusterresourceoverride-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-clusterresourceoverride-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-clusterresourceoverride-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-descheduler:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-descheduler:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-descheduler:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-egress-dns-proxy:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-egress-dns-proxy:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-egress-dns-proxy:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-egress-http-proxy:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-egress-http-proxy:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-egress-http-proxy:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-egress-router:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-egress-router:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-egress-router:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-ghostunnel:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-ghostunnel:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-ghostunnel:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-helm-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-helm-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-helm-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-leader-elector-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-leader-elector-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-leader-elector-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-local-storage-diskmaker:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-local-storage-diskmaker:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-local-storage-diskmaker:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-local-storage-mustgather-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-local-storage-mustgather-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-local-storage-mustgather-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-local-storage-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-local-storage-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-local-storage-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-local-storage-static-provisioner:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-local-storage-static-provisioner:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-local-storage-static-provisioner:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-metering-ansible-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-metering-ansible-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-metering-ansible-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-metering-hadoop:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-metering-hadoop:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-metering-hadoop:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-metering-helm-container-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-metering-helm-container-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-metering-helm-container-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-metering-hive:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-metering-hive:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-metering-hive:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-metering-presto:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-metering-presto:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-metering-presto:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-metering-reporting-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-metering-reporting-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-metering-reporting-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-node-feature-discovery:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-node-feature-discovery:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-node-feature-discovery:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-node-problem-detector-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-node-problem-detector-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-node-problem-detector-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-operator-sdk-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-operator-sdk-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-operator-sdk-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-ptp-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-ptp-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-ptp-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-ptp:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-ptp:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-ptp:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-service-idler-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-service-idler-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-service-idler-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-sriov-cni:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-sriov-cni:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-sriov-cni:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-sriov-dp-admission-controller:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-sriov-dp-admission-controller:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-sriov-dp-admission-controller:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-sriov-infiniband-cni:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-sriov-infiniband-cni:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-sriov-infiniband-cni:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-config-daemon:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-sriov-network-config-daemon:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-sriov-network-config-daemon:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-device-plugin:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-sriov-network-device-plugin:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-sriov-network-device-plugin:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-sriov-network-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-sriov-network-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-webhook:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-sriov-network-webhook:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-sriov-network-webhook:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-sriov-operator-must-gather:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-sriov-operator-must-gather:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-sriov-operator-must-gather:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-vertical-pod-autoscaler-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ptp-must-gather-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ptp-must-gather-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ptp-must-gather-rhel8:v4.7.0-202103270130.p0" } } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift4/kubernetes-nmstate-rhel8-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/kubernetes-nmstate-rhel8-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/kubernetes-nmstate-rhel8-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/network-tools-rhel8:v4.7.0-202103270649.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/network-tools-rhel8:v4.7.0-202103270649.p0" }, "product_reference": "openshift4/network-tools-rhel8:v4.7.0-202103270649.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ansible-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-ansible-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-ansible-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-capacity:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-capacity:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-cluster-capacity:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-descheduler-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-cluster-kube-descheduler-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-clusterresourceoverride-rhel8-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-clusterresourceoverride-rhel8-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-clusterresourceoverride-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-clusterresourceoverride-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-clusterresourceoverride-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-descheduler:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-descheduler:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-descheduler:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-egress-dns-proxy:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-egress-dns-proxy:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-egress-dns-proxy:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-egress-http-proxy:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-egress-http-proxy:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-egress-http-proxy:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-egress-router:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-egress-router:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-egress-router:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ghostunnel:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-ghostunnel:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-ghostunnel:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-helm-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-helm-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-helm-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-leader-elector-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-leader-elector-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-leader-elector-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-diskmaker:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-local-storage-diskmaker:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-local-storage-diskmaker:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-mustgather-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-local-storage-mustgather-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-local-storage-mustgather-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-local-storage-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-local-storage-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-static-provisioner:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-local-storage-static-provisioner:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-local-storage-static-provisioner:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-ansible-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-metering-ansible-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-hadoop:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-metering-hadoop:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-metering-hadoop:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-helm-container-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-metering-helm-container-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-metering-helm-container-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-hive:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-metering-hive:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-metering-hive:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-presto:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-metering-presto:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-metering-presto:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-reporting-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-metering-reporting-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-metering-reporting-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-node-feature-discovery:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-node-feature-discovery:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-node-feature-discovery:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-node-problem-detector-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-node-problem-detector-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-node-problem-detector-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-operator-sdk-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-operator-sdk-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-operator-sdk-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ptp-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-ptp-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-ptp-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ptp:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-ptp:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-ptp:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-service-idler-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-service-idler-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-service-idler-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-cni:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-sriov-cni:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-sriov-cni:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-dp-admission-controller:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-sriov-dp-admission-controller:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-sriov-dp-admission-controller:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-infiniband-cni:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-sriov-infiniband-cni:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-sriov-infiniband-cni:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-config-daemon:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-sriov-network-config-daemon:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-sriov-network-config-daemon:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-device-plugin:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-sriov-network-device-plugin:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-sriov-network-device-plugin:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-sriov-network-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-sriov-network-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-webhook:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-sriov-network-webhook:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-sriov-network-webhook:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-operator-must-gather:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-sriov-operator-must-gather:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-sriov-operator-must-gather:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ptp-must-gather-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ptp-must-gather-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ptp-must-gather-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-3121", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "discovery_date": "2021-01-28T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.7:openshift4/kubernetes-nmstate-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/network-tools-rhel8:v4.7.0-202103270649.p0", "8Base-RHOSE-4.7:openshift4/ose-ansible-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-capacity:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-clusterresourceoverride-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-descheduler:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-egress-dns-proxy:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-egress-http-proxy:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-egress-router:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ghostunnel:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-helm-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-leader-elector-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-local-storage-diskmaker:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-local-storage-mustgather-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-local-storage-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-local-storage-static-provisioner:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-metering-hadoop:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-metering-hive:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-metering-presto:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-metering-reporting-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-node-feature-discovery:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-node-problem-detector-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-operator-sdk-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ptp-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ptp:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-service-idler-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sriov-cni:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sriov-dp-admission-controller:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sriov-infiniband-cni:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-config-daemon:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-device-plugin:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-webhook:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sriov-operator-must-gather:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ptp-must-gather-rhel8:v4.7.0-202103270130.p0" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this vulnerability is to availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-metering-helm-container-rhel8:v4.7.0-202103270130.p0" ], "known_not_affected": [ "8Base-RHOSE-4.7:openshift4/kubernetes-nmstate-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/network-tools-rhel8:v4.7.0-202103270649.p0", "8Base-RHOSE-4.7:openshift4/ose-ansible-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-capacity:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-clusterresourceoverride-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-descheduler:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-egress-dns-proxy:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-egress-http-proxy:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-egress-router:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ghostunnel:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-helm-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-leader-elector-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-local-storage-diskmaker:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-local-storage-mustgather-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-local-storage-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-local-storage-static-provisioner:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-metering-hadoop:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-metering-hive:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-metering-presto:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-metering-reporting-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-node-feature-discovery:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-node-problem-detector-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-operator-sdk-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ptp-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ptp:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-service-idler-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sriov-cni:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sriov-dp-admission-controller:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sriov-infiniband-cni:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-config-daemon:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-device-plugin:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-webhook:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sriov-operator-must-gather:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ptp-must-gather-rhel8:v4.7.0-202103270130.p0" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3121", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3121" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121" }, { "category": "external", "summary": "CVE-2021-3121", "url": "https://access.redhat.com/security/cve/CVE-2021-3121" }, { "category": "external", "summary": "bz#1921650: CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650" } ], "release_date": "2021-01-11T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html.", "product_ids": [ "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-metering-helm-container-rhel8:v4.7.0-202103270130.p0" ], "url": "https://access.redhat.com/errata/RHSA-2021:1007" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-metering-helm-container-rhel8:v4.7.0-202103270130.p0" ] } ], "threats": [ { "category": "impact", "date": "2021-01-28T00:00:00Z", "details": "Important" } ], "title": "CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation" }, { "acknowledgments": [ { "names": [ "Casey Callendrello" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2021-20206", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-01-22T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.7:openshift4/kubernetes-nmstate-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/network-tools-rhel8:v4.7.0-202103270649.p0", "8Base-RHOSE-4.7:openshift4/ose-ansible-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-capacity:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-clusterresourceoverride-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-descheduler:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-egress-dns-proxy:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-egress-http-proxy:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-egress-router:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ghostunnel:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-helm-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-leader-elector-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-local-storage-diskmaker:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-local-storage-mustgather-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-local-storage-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-local-storage-static-provisioner:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-metering-hadoop:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-metering-helm-container-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-metering-hive:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-metering-presto:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-metering-reporting-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-node-feature-discovery:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-node-problem-detector-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-operator-sdk-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ptp-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ptp:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-service-idler-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sriov-dp-admission-controller:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sriov-infiniband-cni:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-config-daemon:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-device-plugin:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-webhook:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sriov-operator-must-gather:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ptp-must-gather-rhel8:v4.7.0-202103270130.p0" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "An improper limitation of path name flaw was found in containernetworking/cni. When specifying the plugin to load in the `type` field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as `reboot`. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "containernetworking-cni: Arbitrary path injection via type field in CNI configuration", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:openshift4/ose-sriov-cni:v4.7.0-202103270130.p0" ], "known_not_affected": [ "8Base-RHOSE-4.7:openshift4/kubernetes-nmstate-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/network-tools-rhel8:v4.7.0-202103270649.p0", "8Base-RHOSE-4.7:openshift4/ose-ansible-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-capacity:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-clusterresourceoverride-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-descheduler:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-egress-dns-proxy:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-egress-http-proxy:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-egress-router:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ghostunnel:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-helm-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-leader-elector-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-local-storage-diskmaker:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-local-storage-mustgather-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-local-storage-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-local-storage-static-provisioner:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-metering-hadoop:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-metering-helm-container-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-metering-hive:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-metering-presto:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-metering-reporting-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-node-feature-discovery:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-node-problem-detector-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-operator-sdk-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ptp-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ptp:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-service-idler-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sriov-dp-admission-controller:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sriov-infiniband-cni:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-config-daemon:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-device-plugin:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-webhook:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sriov-operator-must-gather:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ptp-must-gather-rhel8:v4.7.0-202103270130.p0" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-20206", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20206" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20206", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20206" }, { "category": "external", "summary": "CVE-2021-20206", "url": "https://access.redhat.com/security/cve/CVE-2021-20206" }, { "category": "external", "summary": "bz#1919391: CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391" } ], "release_date": "2021-02-05T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html.", "product_ids": [ "8Base-RHOSE-4.7:openshift4/ose-sriov-cni:v4.7.0-202103270130.p0" ], "url": "https://access.redhat.com/errata/RHSA-2021:1007" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:openshift4/ose-sriov-cni:v4.7.0-202103270130.p0" ] } ], "threats": [ { "category": "impact", "date": "2021-01-22T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration" } ] }
rhsa-2022_0492
Vulnerability from csaf_redhat
Published
2022-02-16 11:18
Modified
2022-02-16 11:18
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.7.43 security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.7.43 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.7.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.43. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2022:0491
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html
Security Fix(es):
* containernetworking-cni: Arbitrary path injection via type field in CNI
configuration (CVE-2021-20206)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.43-x86_64
The image digest is sha256:45defc4b9ed55d539c50678387fe2d3e755c56f23afa210ea087b799d1138d48
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.43-s390x
The image digest is sha256:dc6363e8522ec44e852d2ab93209789a916b590d2185cffa1c4fb92d515376e9
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.43-ppc64le
The image digest is sha256:2bd16240cbc87f4d532bfae6d280742d986459a058a1f91f55f5b0e937f2cc03
All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available
at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 2023 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.7.43 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.7.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.7.43. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHSA-2022:0491\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nSecurity Fix(es):\n\n* containernetworking-cni: Arbitrary path injection via type field in CNI\nconfiguration (CVE-2021-20206)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nYou may download the oc tool and use it to inspect release image metadata as follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.43-x86_64\n\nThe image digest is sha256:45defc4b9ed55d539c50678387fe2d3e755c56f23afa210ea087b799d1138d48\n\n(For s390x architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.43-s390x\n\nThe image digest is sha256:dc6363e8522ec44e852d2ab93209789a916b590d2185cffa1c4fb92d515376e9\n\n(For ppc64le architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.43-ppc64le\n\nThe image digest is sha256:2bd16240cbc87f4d532bfae6d280742d986459a058a1f91f55f5b0e937f2cc03\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available\nat https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:0492", "url": "https://access.redhat.com/errata/RHSA-2022:0492" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_0492.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.7.43 security update", "tracking": { "current_release_date": "2022-02-16T11:18:00Z", "generator": { "date": "2023-07-01T05:21:00Z", "engine": { "name": "Red Hat SDEngine", "version": "3.18.0" } }, "id": "RHSA-2022:0492", "initial_release_date": "2022-02-16T11:18:00Z", "revision_history": [ { "date": "2022-02-16T11:18:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.7", "product": { "name": "Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.7::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "category": "product_version", "name": "openshift4/driver-toolkit-rhel8:v4.7.0-202201261123.p0.gbcd11a1.assembly.stream", "product": { "name": "openshift4/driver-toolkit-rhel8:v4.7.0-202201261123.p0.gbcd11a1.assembly.stream", "product_id": "openshift4/driver-toolkit-rhel8:v4.7.0-202201261123.p0.gbcd11a1.assembly.stream" } }, { "category": "product_version", "name": "openshift4/egress-router-cni-rhel8:v4.7.0-202201261123.p0.g96ebd37.assembly.stream", "product": { "name": "openshift4/egress-router-cni-rhel8:v4.7.0-202201261123.p0.g96ebd37.assembly.stream", "product_id": "openshift4/egress-router-cni-rhel8:v4.7.0-202201261123.p0.g96ebd37.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.7.0-202201261123.p0.g3a9ff17.assembly.stream", "product": { "name": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.7.0-202201261123.p0.g3a9ff17.assembly.stream", "product_id": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.7.0-202201261123.p0.g3a9ff17.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.7.0-202201261123.p0.gf6a71bf.assembly.stream", "product": { "name": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.7.0-202201261123.p0.gf6a71bf.assembly.stream", "product_id": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.7.0-202201261123.p0.gf6a71bf.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-aws-machine-controllers:v4.7.0-202201261123.p0.g5368195.assembly.stream", "product": { "name": "openshift4/ose-aws-machine-controllers:v4.7.0-202201261123.p0.g5368195.assembly.stream", "product_id": "openshift4/ose-aws-machine-controllers:v4.7.0-202201261123.p0.g5368195.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.7.0-202201291225.p0.g5ad6650.assembly.stream", "product": { "name": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.7.0-202201291225.p0.g5ad6650.assembly.stream", "product_id": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.7.0-202201291225.p0.g5ad6650.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-azure-machine-controllers:v4.7.0-202201261123.p0.g723b7ab.assembly.stream", "product": { "name": "openshift4/ose-azure-machine-controllers:v4.7.0-202201261123.p0.g723b7ab.assembly.stream", "product_id": "openshift4/ose-azure-machine-controllers:v4.7.0-202201261123.p0.g723b7ab.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-baremetal-installer-rhel8:v4.7.0-202201261123.p0.gb406013.assembly.stream", "product": { "name": "openshift4/ose-baremetal-installer-rhel8:v4.7.0-202201261123.p0.gb406013.assembly.stream", "product_id": "openshift4/ose-baremetal-installer-rhel8:v4.7.0-202201261123.p0.gb406013.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-baremetal-machine-controllers:v4.7.0-202201261123.p0.g6d86e62.assembly.stream", "product": { "name": "openshift4/ose-baremetal-machine-controllers:v4.7.0-202201261123.p0.g6d86e62.assembly.stream", "product_id": "openshift4/ose-baremetal-machine-controllers:v4.7.0-202201261123.p0.g6d86e62.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-baremetal-rhel8-operator:v4.7.0-202201261123.p0.ge36cbc1.assembly.stream", "product": { "name": "openshift4/ose-baremetal-rhel8-operator:v4.7.0-202201261123.p0.ge36cbc1.assembly.stream", "product_id": "openshift4/ose-baremetal-rhel8-operator:v4.7.0-202201261123.p0.ge36cbc1.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.7.0-202201261123.p0.g9c5da32.assembly.stream", "product": { "name": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.7.0-202201261123.p0.g9c5da32.assembly.stream", "product_id": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.7.0-202201261123.p0.g9c5da32.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cli-artifacts:v4.7.0-202201261537.p0.g25914b8.assembly.stream", "product": { "name": "openshift4/ose-cli-artifacts:v4.7.0-202201261537.p0.g25914b8.assembly.stream", "product_id": "openshift4/ose-cli-artifacts:v4.7.0-202201261537.p0.g25914b8.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cli:v4.7.0-202201261123.p0.g25914b8.assembly.stream", "product": { "name": "openshift4/ose-cli:v4.7.0-202201261123.p0.g25914b8.assembly.stream", "product_id": "openshift4/ose-cli:v4.7.0-202201261123.p0.g25914b8.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cloud-credential-operator:v4.7.0-202201261123.p0.ge4c8b05.assembly.stream", "product": { "name": "openshift4/ose-cloud-credential-operator:v4.7.0-202201261123.p0.ge4c8b05.assembly.stream", "product_id": "openshift4/ose-cloud-credential-operator:v4.7.0-202201261123.p0.ge4c8b05.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-authentication-operator:v4.7.0-202201261123.p0.g5c93df5.assembly.stream", "product": { "name": "openshift4/ose-cluster-authentication-operator:v4.7.0-202201261123.p0.g5c93df5.assembly.stream", "product_id": "openshift4/ose-cluster-authentication-operator:v4.7.0-202201261123.p0.g5c93df5.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-autoscaler-operator:v4.7.0-202201261123.p0.g7658bea.assembly.stream", "product": { "name": "openshift4/ose-cluster-autoscaler-operator:v4.7.0-202201261123.p0.g7658bea.assembly.stream", "product_id": "openshift4/ose-cluster-autoscaler-operator:v4.7.0-202201261123.p0.g7658bea.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-autoscaler:v4.7.0-202201261123.p0.g8b2e494.assembly.stream", "product": { "name": "openshift4/ose-cluster-autoscaler:v4.7.0-202201261123.p0.g8b2e494.assembly.stream", "product_id": "openshift4/ose-cluster-autoscaler:v4.7.0-202201261123.p0.g8b2e494.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.7.0-202201261123.p0.gf73e5fc.assembly.stream", "product": { "name": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.7.0-202201261123.p0.gf73e5fc.assembly.stream", "product_id": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.7.0-202201261123.p0.gf73e5fc.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-bootstrap:v4.7.0-202201261123.p0.g6665cae.assembly.stream", "product": { "name": "openshift4/ose-cluster-bootstrap:v4.7.0-202201261123.p0.g6665cae.assembly.stream", "product_id": "openshift4/ose-cluster-bootstrap:v4.7.0-202201261123.p0.g6665cae.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-config-operator:v4.7.0-202201261123.p0.g07e059a.assembly.stream", "product": { "name": "openshift4/ose-cluster-config-operator:v4.7.0-202201261123.p0.g07e059a.assembly.stream", "product_id": "openshift4/ose-cluster-config-operator:v4.7.0-202201261123.p0.g07e059a.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.7.0-202201261123.p0.gfc036b5.assembly.stream", "product": { "name": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.7.0-202201261123.p0.gfc036b5.assembly.stream", "product_id": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.7.0-202201261123.p0.gfc036b5.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-dns-operator:v4.7.0-202201261123.p0.gcf8be7b.assembly.stream", "product": { "name": "openshift4/ose-cluster-dns-operator:v4.7.0-202201261123.p0.gcf8be7b.assembly.stream", "product_id": "openshift4/ose-cluster-dns-operator:v4.7.0-202201261123.p0.gcf8be7b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-etcd-rhel8-operator:v4.7.0-202201261123.p0.g51cb8c4.assembly.stream", "product": { "name": "openshift4/ose-cluster-etcd-rhel8-operator:v4.7.0-202201261123.p0.g51cb8c4.assembly.stream", "product_id": "openshift4/ose-cluster-etcd-rhel8-operator:v4.7.0-202201261123.p0.g51cb8c4.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-image-registry-operator:v4.7.0-202201261123.p0.g70a8588.assembly.stream", "product": { "name": "openshift4/ose-cluster-image-registry-operator:v4.7.0-202201261123.p0.g70a8588.assembly.stream", "product_id": "openshift4/ose-cluster-image-registry-operator:v4.7.0-202201261123.p0.g70a8588.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-ingress-operator:v4.7.0-202201261123.p0.ge76561d.assembly.stream", "product": { "name": "openshift4/ose-cluster-ingress-operator:v4.7.0-202201261123.p0.ge76561d.assembly.stream", "product_id": "openshift4/ose-cluster-ingress-operator:v4.7.0-202201261123.p0.ge76561d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-apiserver-operator:v4.7.0-202201261123.p0.gd5d5759.assembly.stream", "product": { "name": "openshift4/ose-cluster-kube-apiserver-operator:v4.7.0-202201261123.p0.gd5d5759.assembly.stream", "product_id": "openshift4/ose-cluster-kube-apiserver-operator:v4.7.0-202201261123.p0.gd5d5759.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-controller-manager-operator:v4.7.0-202201261123.p0.g2815909.assembly.stream", "product": { "name": "openshift4/ose-cluster-kube-controller-manager-operator:v4.7.0-202201261123.p0.g2815909.assembly.stream", "product_id": "openshift4/ose-cluster-kube-controller-manager-operator:v4.7.0-202201261123.p0.g2815909.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-scheduler-operator:v4.7.0-202201261123.p0.gb2204ca.assembly.stream", "product": { "name": "openshift4/ose-cluster-kube-scheduler-operator:v4.7.0-202201261123.p0.gb2204ca.assembly.stream", "product_id": "openshift4/ose-cluster-kube-scheduler-operator:v4.7.0-202201261123.p0.gb2204ca.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.7.0-202201261123.p0.g5448475.assembly.stream", "product": { "name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.7.0-202201261123.p0.g5448475.assembly.stream", "product_id": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.7.0-202201261123.p0.g5448475.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-machine-approver:v4.7.0-202201261123.p0.g9043e2b.assembly.stream", "product": { "name": "openshift4/ose-cluster-machine-approver:v4.7.0-202201261123.p0.g9043e2b.assembly.stream", "product_id": "openshift4/ose-cluster-machine-approver:v4.7.0-202201261123.p0.g9043e2b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-monitoring-operator:v4.7.0-202201261123.p0.g0f7da46.assembly.stream", "product": { "name": "openshift4/ose-cluster-monitoring-operator:v4.7.0-202201261123.p0.g0f7da46.assembly.stream", "product_id": "openshift4/ose-cluster-monitoring-operator:v4.7.0-202201261123.p0.g0f7da46.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-network-operator:v4.7.0-202202021937.p0.gd5ee3cf.assembly.stream", "product": { "name": "openshift4/ose-cluster-network-operator:v4.7.0-202202021937.p0.gd5ee3cf.assembly.stream", "product_id": "openshift4/ose-cluster-network-operator:v4.7.0-202202021937.p0.gd5ee3cf.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-node-tuning-operator:v4.7.0-202201261123.p0.g9316487.assembly.stream", "product": { "name": "openshift4/ose-cluster-node-tuning-operator:v4.7.0-202201261123.p0.g9316487.assembly.stream", "product_id": "openshift4/ose-cluster-node-tuning-operator:v4.7.0-202201261123.p0.g9316487.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-openshift-apiserver-operator:v4.7.0-202201261123.p0.gdf9b1a4.assembly.stream", "product": { "name": "openshift4/ose-cluster-openshift-apiserver-operator:v4.7.0-202201261123.p0.gdf9b1a4.assembly.stream", "product_id": "openshift4/ose-cluster-openshift-apiserver-operator:v4.7.0-202201261123.p0.gdf9b1a4.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.7.0-202201261123.p0.g2a8963a.assembly.stream", "product": { "name": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.7.0-202201261123.p0.g2a8963a.assembly.stream", "product_id": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.7.0-202201261123.p0.g2a8963a.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-policy-controller-rhel8:v4.7.0-202201261123.p0.g42791ba.assembly.stream", "product": { "name": "openshift4/ose-cluster-policy-controller-rhel8:v4.7.0-202201261123.p0.g42791ba.assembly.stream", "product_id": "openshift4/ose-cluster-policy-controller-rhel8:v4.7.0-202201261123.p0.g42791ba.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-samples-operator:v4.7.0-202201261123.p0.g1892553.assembly.stream", "product": { "name": "openshift4/ose-cluster-samples-operator:v4.7.0-202201261123.p0.g1892553.assembly.stream", "product_id": "openshift4/ose-cluster-samples-operator:v4.7.0-202201261123.p0.g1892553.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-storage-operator:v4.7.0-202201261123.p0.gd6f34df.assembly.stream", "product": { "name": "openshift4/ose-cluster-storage-operator:v4.7.0-202201261123.p0.gd6f34df.assembly.stream", "product_id": "openshift4/ose-cluster-storage-operator:v4.7.0-202201261123.p0.gd6f34df.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-update-keys:v4.7.0-202201261123.p0.gb7e7917.assembly.stream", "product": { "name": "openshift4/ose-cluster-update-keys:v4.7.0-202201261123.p0.gb7e7917.assembly.stream", "product_id": "openshift4/ose-cluster-update-keys:v4.7.0-202201261123.p0.gb7e7917.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-version-operator:v4.7.0-202201261123.p0.g4e7c701.assembly.stream", "product": { "name": "openshift4/ose-cluster-version-operator:v4.7.0-202201261123.p0.g4e7c701.assembly.stream", "product_id": "openshift4/ose-cluster-version-operator:v4.7.0-202201261123.p0.g4e7c701.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-configmap-reloader:v4.7.0-202201261123.p0.gb957dff.assembly.stream", "product": { "name": "openshift4/ose-configmap-reloader:v4.7.0-202201261123.p0.gb957dff.assembly.stream", "product_id": "openshift4/ose-configmap-reloader:v4.7.0-202201261123.p0.gb957dff.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-console-operator:v4.7.0-202201280725.p0.gc3019e2.assembly.stream", "product": { "name": "openshift4/ose-console-operator:v4.7.0-202201280725.p0.gc3019e2.assembly.stream", "product_id": "openshift4/ose-console-operator:v4.7.0-202201280725.p0.gc3019e2.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-console:v4.7.0-202201262042.p0.gc2bc5b2.assembly.stream", "product": { "name": "openshift4/ose-console:v4.7.0-202201262042.p0.gc2bc5b2.assembly.stream", "product_id": "openshift4/ose-console:v4.7.0-202201262042.p0.gc2bc5b2.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-container-networking-plugins-rhel8:v4.7.0-202201261537.p0.ga3cf46b.assembly.stream", "product": { "name": "openshift4/ose-container-networking-plugins-rhel8:v4.7.0-202201261537.p0.ga3cf46b.assembly.stream", "product_id": "openshift4/ose-container-networking-plugins-rhel8:v4.7.0-202201261537.p0.ga3cf46b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-coredns:v4.7.0-202201261123.p0.gd4a3ba3.assembly.stream", "product": { "name": "openshift4/ose-coredns:v4.7.0-202201261123.p0.gd4a3ba3.assembly.stream", "product_id": "openshift4/ose-coredns:v4.7.0-202201261123.p0.gd4a3ba3.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.7.0-202201261123.p0.gb652a62.assembly.stream", "product": { "name": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.7.0-202201261123.p0.gb652a62.assembly.stream", "product_id": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.7.0-202201261123.p0.gb652a62.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-driver-manila-rhel8:v4.7.0-202201261123.p0.gd3f7092.assembly.stream", "product": { "name": "openshift4/ose-csi-driver-manila-rhel8:v4.7.0-202201261123.p0.gd3f7092.assembly.stream", "product_id": "openshift4/ose-csi-driver-manila-rhel8:v4.7.0-202201261123.p0.gd3f7092.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-driver-nfs-rhel8:v4.7.0-202201261123.p0.g9404d34.assembly.stream", "product": { "name": "openshift4/ose-csi-driver-nfs-rhel8:v4.7.0-202201261123.p0.g9404d34.assembly.stream", "product_id": "openshift4/ose-csi-driver-nfs-rhel8:v4.7.0-202201261123.p0.g9404d34.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-attacher-rhel8:v4.7.0-202201261123.p0.gf152de8.assembly.stream", "product": { "name": "openshift4/ose-csi-external-attacher-rhel8:v4.7.0-202201261123.p0.gf152de8.assembly.stream", "product_id": "openshift4/ose-csi-external-attacher-rhel8:v4.7.0-202201261123.p0.gf152de8.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-attacher:v4.7.0-202201261123.p0.gf152de8.assembly.stream", "product": { "name": "openshift4/ose-csi-external-attacher:v4.7.0-202201261123.p0.gf152de8.assembly.stream", "product_id": "openshift4/ose-csi-external-attacher:v4.7.0-202201261123.p0.gf152de8.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-provisioner-rhel8:v4.7.0-202201261123.p0.ga49415e.assembly.stream", "product": { "name": "openshift4/ose-csi-external-provisioner-rhel8:v4.7.0-202201261123.p0.ga49415e.assembly.stream", "product_id": "openshift4/ose-csi-external-provisioner-rhel8:v4.7.0-202201261123.p0.ga49415e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-provisioner:v4.7.0-202201261123.p0.ga49415e.assembly.stream", "product": { "name": "openshift4/ose-csi-external-provisioner:v4.7.0-202201261123.p0.ga49415e.assembly.stream", "product_id": "openshift4/ose-csi-external-provisioner:v4.7.0-202201261123.p0.ga49415e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-resizer-rhel8:v4.7.0-202201261123.p0.gf77279e.assembly.stream", "product": { "name": "openshift4/ose-csi-external-resizer-rhel8:v4.7.0-202201261123.p0.gf77279e.assembly.stream", "product_id": "openshift4/ose-csi-external-resizer-rhel8:v4.7.0-202201261123.p0.gf77279e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-resizer:v4.7.0-202201261123.p0.gf77279e.assembly.stream", "product": { "name": "openshift4/ose-csi-external-resizer:v4.7.0-202201261123.p0.gf77279e.assembly.stream", "product_id": "openshift4/ose-csi-external-resizer:v4.7.0-202201261123.p0.gf77279e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-snapshotter-rhel8:v4.7.0-202201261123.p0.g2677373.assembly.stream", "product": { "name": "openshift4/ose-csi-external-snapshotter-rhel8:v4.7.0-202201261123.p0.g2677373.assembly.stream", "product_id": "openshift4/ose-csi-external-snapshotter-rhel8:v4.7.0-202201261123.p0.g2677373.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-snapshotter:v4.7.0-202201261123.p0.g2677373.assembly.stream", "product": { "name": "openshift4/ose-csi-external-snapshotter:v4.7.0-202201261123.p0.g2677373.assembly.stream", "product_id": "openshift4/ose-csi-external-snapshotter:v4.7.0-202201261123.p0.g2677373.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-livenessprobe-rhel8:v4.7.0-202201261123.p0.g3dad028.assembly.stream", "product": { "name": "openshift4/ose-csi-livenessprobe-rhel8:v4.7.0-202201261123.p0.g3dad028.assembly.stream", "product_id": "openshift4/ose-csi-livenessprobe-rhel8:v4.7.0-202201261123.p0.g3dad028.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-livenessprobe:v4.7.0-202201261123.p0.g3dad028.assembly.stream", "product": { "name": "openshift4/ose-csi-livenessprobe:v4.7.0-202201261123.p0.g3dad028.assembly.stream", "product_id": "openshift4/ose-csi-livenessprobe:v4.7.0-202201261123.p0.g3dad028.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-node-driver-registrar-rhel8:v4.7.0-202201261123.p0.g2a77963.assembly.stream", "product": { "name": "openshift4/ose-csi-node-driver-registrar-rhel8:v4.7.0-202201261123.p0.g2a77963.assembly.stream", "product_id": "openshift4/ose-csi-node-driver-registrar-rhel8:v4.7.0-202201261123.p0.g2a77963.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-node-driver-registrar:v4.7.0-202201261123.p0.g2a77963.assembly.stream", "product": { "name": "openshift4/ose-csi-node-driver-registrar:v4.7.0-202201261123.p0.g2a77963.assembly.stream", "product_id": "openshift4/ose-csi-node-driver-registrar:v4.7.0-202201261123.p0.g2a77963.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-snapshot-controller-rhel8:v4.7.0-202201261123.p0.g2677373.assembly.stream", "product": { "name": "openshift4/ose-csi-snapshot-controller-rhel8:v4.7.0-202201261123.p0.g2677373.assembly.stream", "product_id": "openshift4/ose-csi-snapshot-controller-rhel8:v4.7.0-202201261123.p0.g2677373.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-snapshot-controller:v4.7.0-202201261123.p0.g2677373.assembly.stream", "product": { "name": "openshift4/ose-csi-snapshot-controller:v4.7.0-202201261123.p0.g2677373.assembly.stream", "product_id": "openshift4/ose-csi-snapshot-controller:v4.7.0-202201261123.p0.g2677373.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.7.0-202201261123.p0.g2677373.assembly.stream", "product": { "name": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.7.0-202201261123.p0.g2677373.assembly.stream", "product_id": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.7.0-202201261123.p0.g2677373.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-deployer:v4.7.0-202201261537.p0.g25914b8.assembly.stream", "product": { "name": "openshift4/ose-deployer:v4.7.0-202201261537.p0.g25914b8.assembly.stream", "product_id": "openshift4/ose-deployer:v4.7.0-202201261537.p0.g25914b8.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-docker-builder:v4.7.0-202201261123.p0.g5a46979.assembly.stream", "product": { "name": "openshift4/ose-docker-builder:v4.7.0-202201261123.p0.g5a46979.assembly.stream", "product_id": "openshift4/ose-docker-builder:v4.7.0-202201261123.p0.g5a46979.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-docker-registry:v4.7.0-202201261123.p0.g8b03485.assembly.stream", "product": { "name": "openshift4/ose-docker-registry:v4.7.0-202201261123.p0.g8b03485.assembly.stream", "product_id": "openshift4/ose-docker-registry:v4.7.0-202201261123.p0.g8b03485.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-etcd:v4.7.0-202201261123.p0.gc61e5af.assembly.stream", "product": { "name": "openshift4/ose-etcd:v4.7.0-202201261123.p0.gc61e5af.assembly.stream", "product_id": "openshift4/ose-etcd:v4.7.0-202201261123.p0.gc61e5af.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-gcp-machine-controllers-rhel8:v4.7.0-202201261123.p0.g5f6589d.assembly.stream", "product": { "name": "openshift4/ose-gcp-machine-controllers-rhel8:v4.7.0-202201261123.p0.g5f6589d.assembly.stream", "product_id": "openshift4/ose-gcp-machine-controllers-rhel8:v4.7.0-202201261123.p0.g5f6589d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.7.0-202201261123.p0.gd40dd57.assembly.stream", "product": { "name": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.7.0-202201261123.p0.gd40dd57.assembly.stream", "product_id": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.7.0-202201261123.p0.gd40dd57.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.7.0-202201261123.p0.g0cb61d2.assembly.stream", "product": { "name": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.7.0-202201261123.p0.g0cb61d2.assembly.stream", "product_id": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.7.0-202201261123.p0.g0cb61d2.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-grafana:v4.7.0-202201261123.p0.gb02c35d.assembly.stream", "product": { "name": "openshift4/ose-grafana:v4.7.0-202201261123.p0.gb02c35d.assembly.stream", "product_id": "openshift4/ose-grafana:v4.7.0-202201261123.p0.gb02c35d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-haproxy-router:v4.7.0-202201261537.p0.g4ab216f.assembly.stream", "product": { "name": "openshift4/ose-haproxy-router:v4.7.0-202201261537.p0.g4ab216f.assembly.stream", "product_id": "openshift4/ose-haproxy-router:v4.7.0-202201261537.p0.g4ab216f.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-hello-openshift-rhel8:v4.7.0-202201261123.p0.g7706ed4.assembly.stream", "product": { "name": "openshift4/ose-hello-openshift-rhel8:v4.7.0-202201261123.p0.g7706ed4.assembly.stream", "product_id": "openshift4/ose-hello-openshift-rhel8:v4.7.0-202201261123.p0.g7706ed4.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-hyperkube:v4.7.0-202201261123.p0.ge880017.assembly.stream", "product": { "name": "openshift4/ose-hyperkube:v4.7.0-202201261123.p0.ge880017.assembly.stream", "product_id": "openshift4/ose-hyperkube:v4.7.0-202201261123.p0.ge880017.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-insights-rhel8-operator:v4.7.0-202201261123.p0.gaccd496.assembly.stream", "product": { "name": "openshift4/ose-insights-rhel8-operator:v4.7.0-202201261123.p0.gaccd496.assembly.stream", "product_id": "openshift4/ose-insights-rhel8-operator:v4.7.0-202201261123.p0.gaccd496.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-installer-artifacts:v4.7.0-202201261537.p0.gb406013.assembly.stream", "product": { "name": "openshift4/ose-installer-artifacts:v4.7.0-202201261537.p0.gb406013.assembly.stream", "product_id": "openshift4/ose-installer-artifacts:v4.7.0-202201261537.p0.gb406013.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-installer:v4.7.0-202201261123.p0.gb406013.assembly.stream", "product": { "name": "openshift4/ose-installer:v4.7.0-202201261123.p0.gb406013.assembly.stream", "product_id": "openshift4/ose-installer:v4.7.0-202201261123.p0.gb406013.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.7.0-202201261123.p0.g564aaca.assembly.stream", "product": { "name": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.7.0-202201261123.p0.g564aaca.assembly.stream", "product_id": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.7.0-202201261123.p0.g564aaca.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ironic-inspector-rhel8:v4.7.0-202201261123.p0.gb6cbf03.assembly.stream", "product": { "name": "openshift4/ose-ironic-inspector-rhel8:v4.7.0-202201261123.p0.gb6cbf03.assembly.stream", "product_id": "openshift4/ose-ironic-inspector-rhel8:v4.7.0-202201261123.p0.gb6cbf03.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ironic-ipa-downloader-rhel8:v4.7.0-202201261123.p0.gf33b14a.assembly.stream", "product": { "name": "openshift4/ose-ironic-ipa-downloader-rhel8:v4.7.0-202201261123.p0.gf33b14a.assembly.stream", "product_id": "openshift4/ose-ironic-ipa-downloader-rhel8:v4.7.0-202201261123.p0.gf33b14a.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.7.0-202201261123.p0.g870afcb.assembly.stream", "product": { "name": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.7.0-202201261123.p0.g870afcb.assembly.stream", "product_id": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.7.0-202201261123.p0.g870afcb.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ironic-rhel8:v4.7.0-202201261123.p0.g1a7f41b.assembly.stream", "product": { "name": "openshift4/ose-ironic-rhel8:v4.7.0-202201261123.p0.g1a7f41b.assembly.stream", "product_id": "openshift4/ose-ironic-rhel8:v4.7.0-202201261123.p0.g1a7f41b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.7.0-202201261123.p0.g43d640a.assembly.stream", "product": { "name": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.7.0-202201261123.p0.g43d640a.assembly.stream", "product_id": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.7.0-202201261123.p0.g43d640a.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-jenkins-agent-base:v4.7.0-202202020525.p0.g1383028.assembly.stream", "product": { "name": "openshift4/ose-jenkins-agent-base:v4.7.0-202202020525.p0.g1383028.assembly.stream", "product_id": "openshift4/ose-jenkins-agent-base:v4.7.0-202202020525.p0.g1383028.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-jenkins-agent-maven:v4.7.0-202202020525.p0.g1383028.assembly.stream", "product": { "name": "openshift4/ose-jenkins-agent-maven:v4.7.0-202202020525.p0.g1383028.assembly.stream", "product_id": "openshift4/ose-jenkins-agent-maven:v4.7.0-202202020525.p0.g1383028.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.7.0-202202020525.p0.g1383028.assembly.stream", "product": { "name": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.7.0-202202020525.p0.g1383028.assembly.stream", "product_id": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.7.0-202202020525.p0.g1383028.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-jenkins:v4.7.0-202202031028.p0.g1383028.assembly.stream", "product": { "name": "openshift4/ose-jenkins:v4.7.0-202202031028.p0.g1383028.assembly.stream", "product_id": "openshift4/ose-jenkins:v4.7.0-202202031028.p0.g1383028.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-k8s-prometheus-adapter:v4.7.0-202201261123.p0.g212d80b.assembly.stream", "product": { "name": "openshift4/ose-k8s-prometheus-adapter:v4.7.0-202201261123.p0.g212d80b.assembly.stream", "product_id": "openshift4/ose-k8s-prometheus-adapter:v4.7.0-202201261123.p0.g212d80b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-keepalived-ipfailover:v4.7.0-202201261123.p0.g0e45f63.assembly.stream", "product": { "name": "openshift4/ose-keepalived-ipfailover:v4.7.0-202201261123.p0.g0e45f63.assembly.stream", "product_id": "openshift4/ose-keepalived-ipfailover:v4.7.0-202201261123.p0.g0e45f63.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-kube-proxy:v4.7.0-202201261537.p0.g0e051e5.assembly.stream", "product": { "name": "openshift4/ose-kube-proxy:v4.7.0-202201261537.p0.g0e051e5.assembly.stream", "product_id": "openshift4/ose-kube-proxy:v4.7.0-202201261537.p0.g0e051e5.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-kube-rbac-proxy:v4.7.0-202201261123.p0.g14c288e.assembly.stream", "product": { "name": "openshift4/ose-kube-rbac-proxy:v4.7.0-202201261123.p0.g14c288e.assembly.stream", "product_id": "openshift4/ose-kube-rbac-proxy:v4.7.0-202201261123.p0.g14c288e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-kube-state-metrics:v4.7.0-202201261123.p0.g04bff70.assembly.stream", "product": { "name": "openshift4/ose-kube-state-metrics:v4.7.0-202201261123.p0.g04bff70.assembly.stream", "product_id": "openshift4/ose-kube-state-metrics:v4.7.0-202201261123.p0.g04bff70.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.7.0-202201261123.p0.g329a4b0.assembly.stream", "product": { "name": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.7.0-202201261123.p0.g329a4b0.assembly.stream", "product_id": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.7.0-202201261123.p0.g329a4b0.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-kuryr-cni-rhel8:v4.7.0-202201261123.p0.g72de60e.assembly.stream", "product": { "name": "openshift4/ose-kuryr-cni-rhel8:v4.7.0-202201261123.p0.g72de60e.assembly.stream", "product_id": "openshift4/ose-kuryr-cni-rhel8:v4.7.0-202201261123.p0.g72de60e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-kuryr-controller-rhel8:v4.7.0-202201261123.p0.g72de60e.assembly.stream", "product": { "name": "openshift4/ose-kuryr-controller-rhel8:v4.7.0-202201261123.p0.g72de60e.assembly.stream", "product_id": "openshift4/ose-kuryr-controller-rhel8:v4.7.0-202201261123.p0.g72de60e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-libvirt-machine-controllers:v4.7.0-202201261123.p0.geb819cb.assembly.stream", "product": { "name": "openshift4/ose-libvirt-machine-controllers:v4.7.0-202201261123.p0.geb819cb.assembly.stream", "product_id": "openshift4/ose-libvirt-machine-controllers:v4.7.0-202201261123.p0.geb819cb.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-machine-api-operator:v4.7.0-202201261123.p0.g8578fef.assembly.stream", "product": { "name": "openshift4/ose-machine-api-operator:v4.7.0-202201261123.p0.g8578fef.assembly.stream", "product_id": "openshift4/ose-machine-api-operator:v4.7.0-202201261123.p0.g8578fef.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-machine-config-operator:v4.7.0-202201261123.p0.g824271e.assembly.stream", "product": { "name": "openshift4/ose-machine-config-operator:v4.7.0-202201261123.p0.g824271e.assembly.stream", "product_id": "openshift4/ose-machine-config-operator:v4.7.0-202201261123.p0.g824271e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-mdns-publisher-rhel8:v4.7.0-202201261123.p0.gaf3f360.assembly.stream", "product": { "name": "openshift4/ose-mdns-publisher-rhel8:v4.7.0-202201261123.p0.gaf3f360.assembly.stream", "product_id": "openshift4/ose-mdns-publisher-rhel8:v4.7.0-202201261123.p0.gaf3f360.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-multus-admission-controller:v4.7.0-202201261123.p0.ga7312f5.assembly.stream", "product": { "name": "openshift4/ose-multus-admission-controller:v4.7.0-202201261123.p0.ga7312f5.assembly.stream", "product_id": "openshift4/ose-multus-admission-controller:v4.7.0-202201261123.p0.ga7312f5.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-multus-cni:v4.7.0-202201261123.p0.g5530094.assembly.stream", "product": { "name": "openshift4/ose-multus-cni:v4.7.0-202201261123.p0.g5530094.assembly.stream", "product_id": "openshift4/ose-multus-cni:v4.7.0-202201261123.p0.g5530094.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-multus-networkpolicy-rhel8:v4.7.0-202201261123.p0.g820a753.assembly.stream", "product": { "name": "openshift4/ose-multus-networkpolicy-rhel8:v4.7.0-202201261123.p0.g820a753.assembly.stream", "product_id": "openshift4/ose-multus-networkpolicy-rhel8:v4.7.0-202201261123.p0.g820a753.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-multus-route-override-cni-rhel8:v4.7.0-202201261123.p0.g1662c3e.assembly.stream", "product": { "name": "openshift4/ose-multus-route-override-cni-rhel8:v4.7.0-202201261123.p0.g1662c3e.assembly.stream", "product_id": "openshift4/ose-multus-route-override-cni-rhel8:v4.7.0-202201261123.p0.g1662c3e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.7.0-202202011553.p0.g7b05b37.assembly.stream", "product": { "name": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.7.0-202202011553.p0.g7b05b37.assembly.stream", "product_id": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.7.0-202202011553.p0.g7b05b37.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-must-gather:v4.7.0-202201261537.p0.g205d4e3.assembly.stream", "product": { "name": "openshift4/ose-must-gather:v4.7.0-202201261537.p0.g205d4e3.assembly.stream", "product_id": "openshift4/ose-must-gather:v4.7.0-202201261537.p0.g205d4e3.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-network-metrics-daemon-rhel8:v4.7.0-202201261123.p0.gd73afb7.assembly.stream", "product": { "name": "openshift4/ose-network-metrics-daemon-rhel8:v4.7.0-202201261123.p0.gd73afb7.assembly.stream", "product_id": "openshift4/ose-network-metrics-daemon-rhel8:v4.7.0-202201261123.p0.gd73afb7.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-oauth-apiserver-rhel8:v4.7.0-202201261123.p0.g69f527e.assembly.stream", "product": { "name": "openshift4/ose-oauth-apiserver-rhel8:v4.7.0-202201261123.p0.g69f527e.assembly.stream", "product_id": "openshift4/ose-oauth-apiserver-rhel8:v4.7.0-202201261123.p0.g69f527e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-oauth-proxy:v4.7.0-202201261123.p0.gfd4dfe7.assembly.stream", "product": { "name": "openshift4/ose-oauth-proxy:v4.7.0-202201261123.p0.gfd4dfe7.assembly.stream", "product_id": "openshift4/ose-oauth-proxy:v4.7.0-202201261123.p0.gfd4dfe7.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-oauth-server-rhel8:v4.7.0-202201261123.p0.g55f888e.assembly.stream", "product": { "name": "openshift4/ose-oauth-server-rhel8:v4.7.0-202201261123.p0.g55f888e.assembly.stream", "product_id": "openshift4/ose-oauth-server-rhel8:v4.7.0-202201261123.p0.g55f888e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openshift-apiserver-rhel8:v4.7.0-202201261123.p0.gc35a474.assembly.stream", "product": { "name": "openshift4/ose-openshift-apiserver-rhel8:v4.7.0-202201261123.p0.gc35a474.assembly.stream", "product_id": "openshift4/ose-openshift-apiserver-rhel8:v4.7.0-202201261123.p0.gc35a474.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openshift-controller-manager-rhel8:v4.7.0-202201261123.p0.gc93745b.assembly.stream", "product": { "name": "openshift4/ose-openshift-controller-manager-rhel8:v4.7.0-202201261123.p0.gc93745b.assembly.stream", "product_id": "openshift4/ose-openshift-controller-manager-rhel8:v4.7.0-202201261123.p0.gc93745b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openshift-state-metrics-rhel8:v4.7.0-202201261123.p0.g40b0968.assembly.stream", "product": { "name": "openshift4/ose-openshift-state-metrics-rhel8:v4.7.0-202201261123.p0.g40b0968.assembly.stream", "product_id": "openshift4/ose-openshift-state-metrics-rhel8:v4.7.0-202201261123.p0.g40b0968.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.7.0-202201261123.p0.gbfb0e08.assembly.stream", "product": { "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.7.0-202201261123.p0.gbfb0e08.assembly.stream", "product_id": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.7.0-202201261123.p0.gbfb0e08.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.7.0-202201261123.p0.gd3f7092.assembly.stream", "product": { "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.7.0-202201261123.p0.gd3f7092.assembly.stream", "product_id": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.7.0-202201261123.p0.gd3f7092.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openstack-machine-controllers:v4.7.0-202201261123.p0.gdcb7828.assembly.stream", "product": { "name": "openshift4/ose-openstack-machine-controllers:v4.7.0-202201261123.p0.gdcb7828.assembly.stream", "product_id": "openshift4/ose-openstack-machine-controllers:v4.7.0-202201261123.p0.gdcb7828.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-operator-lifecycle-manager:v4.7.0-202201261123.p0.g6bc6b9c.assembly.stream", "product": { "name": "openshift4/ose-operator-lifecycle-manager:v4.7.0-202201261123.p0.g6bc6b9c.assembly.stream", "product_id": "openshift4/ose-operator-lifecycle-manager:v4.7.0-202201261123.p0.g6bc6b9c.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-operator-marketplace:v4.7.0-202201261123.p0.g23f38d3.assembly.stream", "product": { "name": "openshift4/ose-operator-marketplace:v4.7.0-202201261123.p0.g23f38d3.assembly.stream", "product_id": "openshift4/ose-operator-marketplace:v4.7.0-202201261123.p0.g23f38d3.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-operator-registry:v4.7.0-202201261123.p0.g06e950d.assembly.stream", "product": { "name": "openshift4/ose-operator-registry:v4.7.0-202201261123.p0.g06e950d.assembly.stream", "product_id": "openshift4/ose-operator-registry:v4.7.0-202201261123.p0.g06e950d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.7.0-202201261123.p0.g75b3272.assembly.stream", "product": { "name": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.7.0-202201261123.p0.g75b3272.assembly.stream", "product_id": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.7.0-202201261123.p0.g75b3272.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ovn-kubernetes:v4.7.0-202202011649.p0.g79dcf8f.assembly.stream", "product": { "name": "openshift4/ose-ovn-kubernetes:v4.7.0-202202011649.p0.g79dcf8f.assembly.stream", "product_id": "openshift4/ose-ovn-kubernetes:v4.7.0-202202011649.p0.g79dcf8f.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-pod:v4.7.0-202201261123.p0.g0e45f63.assembly.stream", "product": { "name": "openshift4/ose-pod:v4.7.0-202201261123.p0.g0e45f63.assembly.stream", "product_id": "openshift4/ose-pod:v4.7.0-202201261123.p0.g0e45f63.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-prom-label-proxy:v4.7.0-202201261123.p0.gdb87872.assembly.stream", "product": { "name": "openshift4/ose-prom-label-proxy:v4.7.0-202201261123.p0.gdb87872.assembly.stream", "product_id": "openshift4/ose-prom-label-proxy:v4.7.0-202201261123.p0.gdb87872.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-prometheus-alertmanager:v4.7.0-202201261123.p0.g9954cc4.assembly.stream", "product": { "name": "openshift4/ose-prometheus-alertmanager:v4.7.0-202201261123.p0.g9954cc4.assembly.stream", "product_id": "openshift4/ose-prometheus-alertmanager:v4.7.0-202201261123.p0.g9954cc4.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-prometheus-config-reloader:v4.7.0-202201261123.p0.g1f0fd51.assembly.stream", "product": { "name": "openshift4/ose-prometheus-config-reloader:v4.7.0-202201261123.p0.g1f0fd51.assembly.stream", "product_id": "openshift4/ose-prometheus-config-reloader:v4.7.0-202201261123.p0.g1f0fd51.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-prometheus-node-exporter:v4.7.0-202201261123.p0.g76974e2.assembly.stream", "product": { "name": "openshift4/ose-prometheus-node-exporter:v4.7.0-202201261123.p0.g76974e2.assembly.stream", "product_id": "openshift4/ose-prometheus-node-exporter:v4.7.0-202201261123.p0.g76974e2.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-prometheus-operator:v4.7.0-202201261123.p0.g1f0fd51.assembly.stream", "product": { "name": "openshift4/ose-prometheus-operator:v4.7.0-202201261123.p0.g1f0fd51.assembly.stream", "product_id": "openshift4/ose-prometheus-operator:v4.7.0-202201261123.p0.g1f0fd51.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-prometheus:v4.7.0-202201261123.p0.gcb5e53c.assembly.stream", "product": { "name": "openshift4/ose-prometheus:v4.7.0-202201261123.p0.gcb5e53c.assembly.stream", "product_id": "openshift4/ose-prometheus:v4.7.0-202201261123.p0.gcb5e53c.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-sdn-rhel8:v4.7.0-202201261123.p0.g0e051e5.assembly.stream", "product": { "name": "openshift4/ose-sdn-rhel8:v4.7.0-202201261123.p0.g0e051e5.assembly.stream", "product_id": "openshift4/ose-sdn-rhel8:v4.7.0-202201261123.p0.g0e051e5.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-service-ca-operator:v4.7.0-202201261123.p0.gf65053f.assembly.stream", "product": { "name": "openshift4/ose-service-ca-operator:v4.7.0-202201261123.p0.gf65053f.assembly.stream", "product_id": "openshift4/ose-service-ca-operator:v4.7.0-202201261123.p0.gf65053f.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-telemeter:v4.7.0-202201261123.p0.ge4dac51.assembly.stream", "product": { "name": "openshift4/ose-telemeter:v4.7.0-202201261123.p0.ge4dac51.assembly.stream", "product_id": "openshift4/ose-telemeter:v4.7.0-202201261123.p0.ge4dac51.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-tests:v4.7.0-202201261537.p0.g7706ed4.assembly.stream", "product": { "name": "openshift4/ose-tests:v4.7.0-202201261537.p0.g7706ed4.assembly.stream", "product_id": "openshift4/ose-tests:v4.7.0-202201261537.p0.g7706ed4.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-thanos-rhel8:v4.7.0-202201261123.p0.g319e70c.assembly.stream", "product": { "name": "openshift4/ose-thanos-rhel8:v4.7.0-202201261123.p0.g319e70c.assembly.stream", "product_id": "openshift4/ose-thanos-rhel8:v4.7.0-202201261123.p0.g319e70c.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-tools-rhel8:v4.7.0-202201261537.p0.g25914b8.assembly.stream", "product": { "name": "openshift4/ose-tools-rhel8:v4.7.0-202201261537.p0.g25914b8.assembly.stream", "product_id": "openshift4/ose-tools-rhel8:v4.7.0-202201261537.p0.g25914b8.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-vsphere-problem-detector-rhel8:v4.7.0-202201261123.p0.g9854609.assembly.stream", "product": { "name": "openshift4/ose-vsphere-problem-detector-rhel8:v4.7.0-202201261123.p0.g9854609.assembly.stream", "product_id": "openshift4/ose-vsphere-problem-detector-rhel8:v4.7.0-202201261123.p0.g9854609.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ovirt-csi-driver-rhel7:v4.7.0-202201261123.p0.g72545e6.assembly.stream", "product": { "name": "openshift4/ovirt-csi-driver-rhel7:v4.7.0-202201261123.p0.g72545e6.assembly.stream", "product_id": "openshift4/ovirt-csi-driver-rhel7:v4.7.0-202201261123.p0.g72545e6.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ovirt-csi-driver-rhel8-operator:v4.7.0-202201261123.p0.g5e51508.assembly.stream", "product": { "name": "openshift4/ovirt-csi-driver-rhel8-operator:v4.7.0-202201261123.p0.g5e51508.assembly.stream", "product_id": "openshift4/ovirt-csi-driver-rhel8-operator:v4.7.0-202201261123.p0.g5e51508.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ovirt-csi-driver-rhel8:v4.7.0-202201261123.p0.g72545e6.assembly.stream", "product": { "name": "openshift4/ovirt-csi-driver-rhel8:v4.7.0-202201261123.p0.g72545e6.assembly.stream", "product_id": "openshift4/ovirt-csi-driver-rhel8:v4.7.0-202201261123.p0.g72545e6.assembly.stream" } } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift4/driver-toolkit-rhel8:v4.7.0-202201261123.p0.gbcd11a1.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/driver-toolkit-rhel8:v4.7.0-202201261123.p0.gbcd11a1.assembly.stream" }, "product_reference": "openshift4/driver-toolkit-rhel8:v4.7.0-202201261123.p0.gbcd11a1.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/egress-router-cni-rhel8:v4.7.0-202201261123.p0.g96ebd37.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/egress-router-cni-rhel8:v4.7.0-202201261123.p0.g96ebd37.assembly.stream" }, "product_reference": "openshift4/egress-router-cni-rhel8:v4.7.0-202201261123.p0.g96ebd37.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.7.0-202201261123.p0.g3a9ff17.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.7.0-202201261123.p0.g3a9ff17.assembly.stream" }, "product_reference": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.7.0-202201261123.p0.g3a9ff17.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.7.0-202201261123.p0.gf6a71bf.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.7.0-202201261123.p0.gf6a71bf.assembly.stream" }, "product_reference": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.7.0-202201261123.p0.gf6a71bf.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-aws-machine-controllers:v4.7.0-202201261123.p0.g5368195.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-aws-machine-controllers:v4.7.0-202201261123.p0.g5368195.assembly.stream" }, "product_reference": "openshift4/ose-aws-machine-controllers:v4.7.0-202201261123.p0.g5368195.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.7.0-202201291225.p0.g5ad6650.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.7.0-202201291225.p0.g5ad6650.assembly.stream" }, "product_reference": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.7.0-202201291225.p0.g5ad6650.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-azure-machine-controllers:v4.7.0-202201261123.p0.g723b7ab.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-azure-machine-controllers:v4.7.0-202201261123.p0.g723b7ab.assembly.stream" }, "product_reference": "openshift4/ose-azure-machine-controllers:v4.7.0-202201261123.p0.g723b7ab.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-baremetal-installer-rhel8:v4.7.0-202201261123.p0.gb406013.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-baremetal-installer-rhel8:v4.7.0-202201261123.p0.gb406013.assembly.stream" }, "product_reference": "openshift4/ose-baremetal-installer-rhel8:v4.7.0-202201261123.p0.gb406013.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-baremetal-machine-controllers:v4.7.0-202201261123.p0.g6d86e62.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-baremetal-machine-controllers:v4.7.0-202201261123.p0.g6d86e62.assembly.stream" }, "product_reference": "openshift4/ose-baremetal-machine-controllers:v4.7.0-202201261123.p0.g6d86e62.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-baremetal-rhel8-operator:v4.7.0-202201261123.p0.ge36cbc1.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-baremetal-rhel8-operator:v4.7.0-202201261123.p0.ge36cbc1.assembly.stream" }, "product_reference": "openshift4/ose-baremetal-rhel8-operator:v4.7.0-202201261123.p0.ge36cbc1.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.7.0-202201261123.p0.g9c5da32.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-baremetal-runtimecfg-rhel8:v4.7.0-202201261123.p0.g9c5da32.assembly.stream" }, "product_reference": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.7.0-202201261123.p0.g9c5da32.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cli-artifacts:v4.7.0-202201261537.p0.g25914b8.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cli-artifacts:v4.7.0-202201261537.p0.g25914b8.assembly.stream" }, "product_reference": "openshift4/ose-cli-artifacts:v4.7.0-202201261537.p0.g25914b8.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cli:v4.7.0-202201261123.p0.g25914b8.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cli:v4.7.0-202201261123.p0.g25914b8.assembly.stream" }, "product_reference": "openshift4/ose-cli:v4.7.0-202201261123.p0.g25914b8.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cloud-credential-operator:v4.7.0-202201261123.p0.ge4c8b05.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cloud-credential-operator:v4.7.0-202201261123.p0.ge4c8b05.assembly.stream" }, "product_reference": "openshift4/ose-cloud-credential-operator:v4.7.0-202201261123.p0.ge4c8b05.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-authentication-operator:v4.7.0-202201261123.p0.g5c93df5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-authentication-operator:v4.7.0-202201261123.p0.g5c93df5.assembly.stream" }, "product_reference": "openshift4/ose-cluster-authentication-operator:v4.7.0-202201261123.p0.g5c93df5.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-autoscaler-operator:v4.7.0-202201261123.p0.g7658bea.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-autoscaler-operator:v4.7.0-202201261123.p0.g7658bea.assembly.stream" }, "product_reference": "openshift4/ose-cluster-autoscaler-operator:v4.7.0-202201261123.p0.g7658bea.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-autoscaler:v4.7.0-202201261123.p0.g8b2e494.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-autoscaler:v4.7.0-202201261123.p0.g8b2e494.assembly.stream" }, "product_reference": "openshift4/ose-cluster-autoscaler:v4.7.0-202201261123.p0.g8b2e494.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.7.0-202201261123.p0.gf73e5fc.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-baremetal-operator-rhel8:v4.7.0-202201261123.p0.gf73e5fc.assembly.stream" }, "product_reference": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.7.0-202201261123.p0.gf73e5fc.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-bootstrap:v4.7.0-202201261123.p0.g6665cae.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-bootstrap:v4.7.0-202201261123.p0.g6665cae.assembly.stream" }, "product_reference": "openshift4/ose-cluster-bootstrap:v4.7.0-202201261123.p0.g6665cae.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-config-operator:v4.7.0-202201261123.p0.g07e059a.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-config-operator:v4.7.0-202201261123.p0.g07e059a.assembly.stream" }, "product_reference": "openshift4/ose-cluster-config-operator:v4.7.0-202201261123.p0.g07e059a.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.7.0-202201261123.p0.gfc036b5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.7.0-202201261123.p0.gfc036b5.assembly.stream" }, "product_reference": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.7.0-202201261123.p0.gfc036b5.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-dns-operator:v4.7.0-202201261123.p0.gcf8be7b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-dns-operator:v4.7.0-202201261123.p0.gcf8be7b.assembly.stream" }, "product_reference": "openshift4/ose-cluster-dns-operator:v4.7.0-202201261123.p0.gcf8be7b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-etcd-rhel8-operator:v4.7.0-202201261123.p0.g51cb8c4.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-etcd-rhel8-operator:v4.7.0-202201261123.p0.g51cb8c4.assembly.stream" }, "product_reference": "openshift4/ose-cluster-etcd-rhel8-operator:v4.7.0-202201261123.p0.g51cb8c4.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-image-registry-operator:v4.7.0-202201261123.p0.g70a8588.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-image-registry-operator:v4.7.0-202201261123.p0.g70a8588.assembly.stream" }, "product_reference": "openshift4/ose-cluster-image-registry-operator:v4.7.0-202201261123.p0.g70a8588.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-ingress-operator:v4.7.0-202201261123.p0.ge76561d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-ingress-operator:v4.7.0-202201261123.p0.ge76561d.assembly.stream" }, "product_reference": "openshift4/ose-cluster-ingress-operator:v4.7.0-202201261123.p0.ge76561d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-apiserver-operator:v4.7.0-202201261123.p0.gd5d5759.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-apiserver-operator:v4.7.0-202201261123.p0.gd5d5759.assembly.stream" }, "product_reference": "openshift4/ose-cluster-kube-apiserver-operator:v4.7.0-202201261123.p0.gd5d5759.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-controller-manager-operator:v4.7.0-202201261123.p0.g2815909.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-controller-manager-operator:v4.7.0-202201261123.p0.g2815909.assembly.stream" }, "product_reference": "openshift4/ose-cluster-kube-controller-manager-operator:v4.7.0-202201261123.p0.g2815909.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-scheduler-operator:v4.7.0-202201261123.p0.gb2204ca.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-scheduler-operator:v4.7.0-202201261123.p0.gb2204ca.assembly.stream" }, "product_reference": "openshift4/ose-cluster-kube-scheduler-operator:v4.7.0-202201261123.p0.gb2204ca.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.7.0-202201261123.p0.g5448475.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.7.0-202201261123.p0.g5448475.assembly.stream" }, "product_reference": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.7.0-202201261123.p0.g5448475.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-machine-approver:v4.7.0-202201261123.p0.g9043e2b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-machine-approver:v4.7.0-202201261123.p0.g9043e2b.assembly.stream" }, "product_reference": "openshift4/ose-cluster-machine-approver:v4.7.0-202201261123.p0.g9043e2b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-monitoring-operator:v4.7.0-202201261123.p0.g0f7da46.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-monitoring-operator:v4.7.0-202201261123.p0.g0f7da46.assembly.stream" }, "product_reference": "openshift4/ose-cluster-monitoring-operator:v4.7.0-202201261123.p0.g0f7da46.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-network-operator:v4.7.0-202202021937.p0.gd5ee3cf.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-network-operator:v4.7.0-202202021937.p0.gd5ee3cf.assembly.stream" }, "product_reference": "openshift4/ose-cluster-network-operator:v4.7.0-202202021937.p0.gd5ee3cf.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-node-tuning-operator:v4.7.0-202201261123.p0.g9316487.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-node-tuning-operator:v4.7.0-202201261123.p0.g9316487.assembly.stream" }, "product_reference": "openshift4/ose-cluster-node-tuning-operator:v4.7.0-202201261123.p0.g9316487.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-openshift-apiserver-operator:v4.7.0-202201261123.p0.gdf9b1a4.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-openshift-apiserver-operator:v4.7.0-202201261123.p0.gdf9b1a4.assembly.stream" }, "product_reference": "openshift4/ose-cluster-openshift-apiserver-operator:v4.7.0-202201261123.p0.gdf9b1a4.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.7.0-202201261123.p0.g2a8963a.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-openshift-controller-manager-operator:v4.7.0-202201261123.p0.g2a8963a.assembly.stream" }, "product_reference": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.7.0-202201261123.p0.g2a8963a.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-policy-controller-rhel8:v4.7.0-202201261123.p0.g42791ba.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-policy-controller-rhel8:v4.7.0-202201261123.p0.g42791ba.assembly.stream" }, "product_reference": "openshift4/ose-cluster-policy-controller-rhel8:v4.7.0-202201261123.p0.g42791ba.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-samples-operator:v4.7.0-202201261123.p0.g1892553.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-samples-operator:v4.7.0-202201261123.p0.g1892553.assembly.stream" }, "product_reference": "openshift4/ose-cluster-samples-operator:v4.7.0-202201261123.p0.g1892553.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-storage-operator:v4.7.0-202201261123.p0.gd6f34df.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-storage-operator:v4.7.0-202201261123.p0.gd6f34df.assembly.stream" }, "product_reference": "openshift4/ose-cluster-storage-operator:v4.7.0-202201261123.p0.gd6f34df.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-update-keys:v4.7.0-202201261123.p0.gb7e7917.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-update-keys:v4.7.0-202201261123.p0.gb7e7917.assembly.stream" }, "product_reference": "openshift4/ose-cluster-update-keys:v4.7.0-202201261123.p0.gb7e7917.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-version-operator:v4.7.0-202201261123.p0.g4e7c701.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-version-operator:v4.7.0-202201261123.p0.g4e7c701.assembly.stream" }, "product_reference": "openshift4/ose-cluster-version-operator:v4.7.0-202201261123.p0.g4e7c701.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-configmap-reloader:v4.7.0-202201261123.p0.gb957dff.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-configmap-reloader:v4.7.0-202201261123.p0.gb957dff.assembly.stream" }, "product_reference": "openshift4/ose-configmap-reloader:v4.7.0-202201261123.p0.gb957dff.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-console-operator:v4.7.0-202201280725.p0.gc3019e2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-console-operator:v4.7.0-202201280725.p0.gc3019e2.assembly.stream" }, "product_reference": "openshift4/ose-console-operator:v4.7.0-202201280725.p0.gc3019e2.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-console:v4.7.0-202201262042.p0.gc2bc5b2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-console:v4.7.0-202201262042.p0.gc2bc5b2.assembly.stream" }, "product_reference": "openshift4/ose-console:v4.7.0-202201262042.p0.gc2bc5b2.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-container-networking-plugins-rhel8:v4.7.0-202201261537.p0.ga3cf46b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-container-networking-plugins-rhel8:v4.7.0-202201261537.p0.ga3cf46b.assembly.stream" }, "product_reference": "openshift4/ose-container-networking-plugins-rhel8:v4.7.0-202201261537.p0.ga3cf46b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-coredns:v4.7.0-202201261123.p0.gd4a3ba3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-coredns:v4.7.0-202201261123.p0.gd4a3ba3.assembly.stream" }, "product_reference": "openshift4/ose-coredns:v4.7.0-202201261123.p0.gd4a3ba3.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.7.0-202201261123.p0.gb652a62.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-driver-manila-rhel8-operator:v4.7.0-202201261123.p0.gb652a62.assembly.stream" }, "product_reference": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.7.0-202201261123.p0.gb652a62.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-driver-manila-rhel8:v4.7.0-202201261123.p0.gd3f7092.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-driver-manila-rhel8:v4.7.0-202201261123.p0.gd3f7092.assembly.stream" }, "product_reference": "openshift4/ose-csi-driver-manila-rhel8:v4.7.0-202201261123.p0.gd3f7092.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-driver-nfs-rhel8:v4.7.0-202201261123.p0.g9404d34.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-driver-nfs-rhel8:v4.7.0-202201261123.p0.g9404d34.assembly.stream" }, "product_reference": "openshift4/ose-csi-driver-nfs-rhel8:v4.7.0-202201261123.p0.g9404d34.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-attacher-rhel8:v4.7.0-202201261123.p0.gf152de8.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-external-attacher-rhel8:v4.7.0-202201261123.p0.gf152de8.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-attacher-rhel8:v4.7.0-202201261123.p0.gf152de8.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-attacher:v4.7.0-202201261123.p0.gf152de8.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-external-attacher:v4.7.0-202201261123.p0.gf152de8.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-attacher:v4.7.0-202201261123.p0.gf152de8.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-provisioner-rhel8:v4.7.0-202201261123.p0.ga49415e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-external-provisioner-rhel8:v4.7.0-202201261123.p0.ga49415e.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-provisioner-rhel8:v4.7.0-202201261123.p0.ga49415e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-provisioner:v4.7.0-202201261123.p0.ga49415e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-external-provisioner:v4.7.0-202201261123.p0.ga49415e.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-provisioner:v4.7.0-202201261123.p0.ga49415e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-resizer-rhel8:v4.7.0-202201261123.p0.gf77279e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-external-resizer-rhel8:v4.7.0-202201261123.p0.gf77279e.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-resizer-rhel8:v4.7.0-202201261123.p0.gf77279e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-resizer:v4.7.0-202201261123.p0.gf77279e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-external-resizer:v4.7.0-202201261123.p0.gf77279e.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-resizer:v4.7.0-202201261123.p0.gf77279e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-snapshotter-rhel8:v4.7.0-202201261123.p0.g2677373.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-external-snapshotter-rhel8:v4.7.0-202201261123.p0.g2677373.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-snapshotter-rhel8:v4.7.0-202201261123.p0.g2677373.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-snapshotter:v4.7.0-202201261123.p0.g2677373.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-external-snapshotter:v4.7.0-202201261123.p0.g2677373.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-snapshotter:v4.7.0-202201261123.p0.g2677373.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-livenessprobe-rhel8:v4.7.0-202201261123.p0.g3dad028.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-livenessprobe-rhel8:v4.7.0-202201261123.p0.g3dad028.assembly.stream" }, "product_reference": "openshift4/ose-csi-livenessprobe-rhel8:v4.7.0-202201261123.p0.g3dad028.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-livenessprobe:v4.7.0-202201261123.p0.g3dad028.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-livenessprobe:v4.7.0-202201261123.p0.g3dad028.assembly.stream" }, "product_reference": "openshift4/ose-csi-livenessprobe:v4.7.0-202201261123.p0.g3dad028.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-node-driver-registrar-rhel8:v4.7.0-202201261123.p0.g2a77963.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-node-driver-registrar-rhel8:v4.7.0-202201261123.p0.g2a77963.assembly.stream" }, "product_reference": "openshift4/ose-csi-node-driver-registrar-rhel8:v4.7.0-202201261123.p0.g2a77963.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-node-driver-registrar:v4.7.0-202201261123.p0.g2a77963.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-node-driver-registrar:v4.7.0-202201261123.p0.g2a77963.assembly.stream" }, "product_reference": "openshift4/ose-csi-node-driver-registrar:v4.7.0-202201261123.p0.g2a77963.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-snapshot-controller-rhel8:v4.7.0-202201261123.p0.g2677373.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-snapshot-controller-rhel8:v4.7.0-202201261123.p0.g2677373.assembly.stream" }, "product_reference": "openshift4/ose-csi-snapshot-controller-rhel8:v4.7.0-202201261123.p0.g2677373.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-snapshot-controller:v4.7.0-202201261123.p0.g2677373.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-snapshot-controller:v4.7.0-202201261123.p0.g2677373.assembly.stream" }, "product_reference": "openshift4/ose-csi-snapshot-controller:v4.7.0-202201261123.p0.g2677373.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.7.0-202201261123.p0.g2677373.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.7.0-202201261123.p0.g2677373.assembly.stream" }, "product_reference": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.7.0-202201261123.p0.g2677373.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-deployer:v4.7.0-202201261537.p0.g25914b8.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-deployer:v4.7.0-202201261537.p0.g25914b8.assembly.stream" }, "product_reference": "openshift4/ose-deployer:v4.7.0-202201261537.p0.g25914b8.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-docker-builder:v4.7.0-202201261123.p0.g5a46979.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-docker-builder:v4.7.0-202201261123.p0.g5a46979.assembly.stream" }, "product_reference": "openshift4/ose-docker-builder:v4.7.0-202201261123.p0.g5a46979.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-docker-registry:v4.7.0-202201261123.p0.g8b03485.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-docker-registry:v4.7.0-202201261123.p0.g8b03485.assembly.stream" }, "product_reference": "openshift4/ose-docker-registry:v4.7.0-202201261123.p0.g8b03485.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-etcd:v4.7.0-202201261123.p0.gc61e5af.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-etcd:v4.7.0-202201261123.p0.gc61e5af.assembly.stream" }, "product_reference": "openshift4/ose-etcd:v4.7.0-202201261123.p0.gc61e5af.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-gcp-machine-controllers-rhel8:v4.7.0-202201261123.p0.g5f6589d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-gcp-machine-controllers-rhel8:v4.7.0-202201261123.p0.g5f6589d.assembly.stream" }, "product_reference": "openshift4/ose-gcp-machine-controllers-rhel8:v4.7.0-202201261123.p0.g5f6589d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.7.0-202201261123.p0.gd40dd57.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.7.0-202201261123.p0.gd40dd57.assembly.stream" }, "product_reference": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.7.0-202201261123.p0.gd40dd57.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.7.0-202201261123.p0.g0cb61d2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.7.0-202201261123.p0.g0cb61d2.assembly.stream" }, "product_reference": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.7.0-202201261123.p0.g0cb61d2.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-grafana:v4.7.0-202201261123.p0.gb02c35d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-grafana:v4.7.0-202201261123.p0.gb02c35d.assembly.stream" }, "product_reference": "openshift4/ose-grafana:v4.7.0-202201261123.p0.gb02c35d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-haproxy-router:v4.7.0-202201261537.p0.g4ab216f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-haproxy-router:v4.7.0-202201261537.p0.g4ab216f.assembly.stream" }, "product_reference": "openshift4/ose-haproxy-router:v4.7.0-202201261537.p0.g4ab216f.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-hello-openshift-rhel8:v4.7.0-202201261123.p0.g7706ed4.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-hello-openshift-rhel8:v4.7.0-202201261123.p0.g7706ed4.assembly.stream" }, "product_reference": "openshift4/ose-hello-openshift-rhel8:v4.7.0-202201261123.p0.g7706ed4.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-hyperkube:v4.7.0-202201261123.p0.ge880017.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-hyperkube:v4.7.0-202201261123.p0.ge880017.assembly.stream" }, "product_reference": "openshift4/ose-hyperkube:v4.7.0-202201261123.p0.ge880017.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-insights-rhel8-operator:v4.7.0-202201261123.p0.gaccd496.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-insights-rhel8-operator:v4.7.0-202201261123.p0.gaccd496.assembly.stream" }, "product_reference": "openshift4/ose-insights-rhel8-operator:v4.7.0-202201261123.p0.gaccd496.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-installer-artifacts:v4.7.0-202201261537.p0.gb406013.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-installer-artifacts:v4.7.0-202201261537.p0.gb406013.assembly.stream" }, "product_reference": "openshift4/ose-installer-artifacts:v4.7.0-202201261537.p0.gb406013.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-installer:v4.7.0-202201261123.p0.gb406013.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-installer:v4.7.0-202201261123.p0.gb406013.assembly.stream" }, "product_reference": "openshift4/ose-installer:v4.7.0-202201261123.p0.gb406013.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.7.0-202201261123.p0.g564aaca.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.7.0-202201261123.p0.g564aaca.assembly.stream" }, "product_reference": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.7.0-202201261123.p0.g564aaca.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-inspector-rhel8:v4.7.0-202201261123.p0.gb6cbf03.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-ironic-inspector-rhel8:v4.7.0-202201261123.p0.gb6cbf03.assembly.stream" }, "product_reference": "openshift4/ose-ironic-inspector-rhel8:v4.7.0-202201261123.p0.gb6cbf03.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-ipa-downloader-rhel8:v4.7.0-202201261123.p0.gf33b14a.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-ironic-ipa-downloader-rhel8:v4.7.0-202201261123.p0.gf33b14a.assembly.stream" }, "product_reference": "openshift4/ose-ironic-ipa-downloader-rhel8:v4.7.0-202201261123.p0.gf33b14a.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.7.0-202201261123.p0.g870afcb.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.7.0-202201261123.p0.g870afcb.assembly.stream" }, "product_reference": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.7.0-202201261123.p0.g870afcb.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-rhel8:v4.7.0-202201261123.p0.g1a7f41b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-ironic-rhel8:v4.7.0-202201261123.p0.g1a7f41b.assembly.stream" }, "product_reference": "openshift4/ose-ironic-rhel8:v4.7.0-202201261123.p0.g1a7f41b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.7.0-202201261123.p0.g43d640a.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-ironic-static-ip-manager-rhel8:v4.7.0-202201261123.p0.g43d640a.assembly.stream" }, "product_reference": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.7.0-202201261123.p0.g43d640a.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins-agent-base:v4.7.0-202202020525.p0.g1383028.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-base:v4.7.0-202202020525.p0.g1383028.assembly.stream" }, "product_reference": "openshift4/ose-jenkins-agent-base:v4.7.0-202202020525.p0.g1383028.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins-agent-maven:v4.7.0-202202020525.p0.g1383028.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-maven:v4.7.0-202202020525.p0.g1383028.assembly.stream" }, "product_reference": "openshift4/ose-jenkins-agent-maven:v4.7.0-202202020525.p0.g1383028.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.7.0-202202020525.p0.g1383028.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.7.0-202202020525.p0.g1383028.assembly.stream" }, "product_reference": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.7.0-202202020525.p0.g1383028.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins:v4.7.0-202202031028.p0.g1383028.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-jenkins:v4.7.0-202202031028.p0.g1383028.assembly.stream" }, "product_reference": "openshift4/ose-jenkins:v4.7.0-202202031028.p0.g1383028.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-k8s-prometheus-adapter:v4.7.0-202201261123.p0.g212d80b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-k8s-prometheus-adapter:v4.7.0-202201261123.p0.g212d80b.assembly.stream" }, "product_reference": "openshift4/ose-k8s-prometheus-adapter:v4.7.0-202201261123.p0.g212d80b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-keepalived-ipfailover:v4.7.0-202201261123.p0.g0e45f63.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-keepalived-ipfailover:v4.7.0-202201261123.p0.g0e45f63.assembly.stream" }, "product_reference": "openshift4/ose-keepalived-ipfailover:v4.7.0-202201261123.p0.g0e45f63.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kube-proxy:v4.7.0-202201261537.p0.g0e051e5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-kube-proxy:v4.7.0-202201261537.p0.g0e051e5.assembly.stream" }, "product_reference": "openshift4/ose-kube-proxy:v4.7.0-202201261537.p0.g0e051e5.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kube-rbac-proxy:v4.7.0-202201261123.p0.g14c288e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-kube-rbac-proxy:v4.7.0-202201261123.p0.g14c288e.assembly.stream" }, "product_reference": "openshift4/ose-kube-rbac-proxy:v4.7.0-202201261123.p0.g14c288e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kube-state-metrics:v4.7.0-202201261123.p0.g04bff70.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-kube-state-metrics:v4.7.0-202201261123.p0.g04bff70.assembly.stream" }, "product_reference": "openshift4/ose-kube-state-metrics:v4.7.0-202201261123.p0.g04bff70.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.7.0-202201261123.p0.g329a4b0.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-kube-storage-version-migrator-rhel8:v4.7.0-202201261123.p0.g329a4b0.assembly.stream" }, "product_reference": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.7.0-202201261123.p0.g329a4b0.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kuryr-cni-rhel8:v4.7.0-202201261123.p0.g72de60e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-kuryr-cni-rhel8:v4.7.0-202201261123.p0.g72de60e.assembly.stream" }, "product_reference": "openshift4/ose-kuryr-cni-rhel8:v4.7.0-202201261123.p0.g72de60e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kuryr-controller-rhel8:v4.7.0-202201261123.p0.g72de60e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-kuryr-controller-rhel8:v4.7.0-202201261123.p0.g72de60e.assembly.stream" }, "product_reference": "openshift4/ose-kuryr-controller-rhel8:v4.7.0-202201261123.p0.g72de60e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-libvirt-machine-controllers:v4.7.0-202201261123.p0.geb819cb.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-libvirt-machine-controllers:v4.7.0-202201261123.p0.geb819cb.assembly.stream" }, "product_reference": "openshift4/ose-libvirt-machine-controllers:v4.7.0-202201261123.p0.geb819cb.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-machine-api-operator:v4.7.0-202201261123.p0.g8578fef.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-machine-api-operator:v4.7.0-202201261123.p0.g8578fef.assembly.stream" }, "product_reference": "openshift4/ose-machine-api-operator:v4.7.0-202201261123.p0.g8578fef.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-machine-config-operator:v4.7.0-202201261123.p0.g824271e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-machine-config-operator:v4.7.0-202201261123.p0.g824271e.assembly.stream" }, "product_reference": "openshift4/ose-machine-config-operator:v4.7.0-202201261123.p0.g824271e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-mdns-publisher-rhel8:v4.7.0-202201261123.p0.gaf3f360.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-mdns-publisher-rhel8:v4.7.0-202201261123.p0.gaf3f360.assembly.stream" }, "product_reference": "openshift4/ose-mdns-publisher-rhel8:v4.7.0-202201261123.p0.gaf3f360.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-admission-controller:v4.7.0-202201261123.p0.ga7312f5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-multus-admission-controller:v4.7.0-202201261123.p0.ga7312f5.assembly.stream" }, "product_reference": "openshift4/ose-multus-admission-controller:v4.7.0-202201261123.p0.ga7312f5.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-cni:v4.7.0-202201261123.p0.g5530094.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-multus-cni:v4.7.0-202201261123.p0.g5530094.assembly.stream" }, "product_reference": "openshift4/ose-multus-cni:v4.7.0-202201261123.p0.g5530094.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-networkpolicy-rhel8:v4.7.0-202201261123.p0.g820a753.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-multus-networkpolicy-rhel8:v4.7.0-202201261123.p0.g820a753.assembly.stream" }, "product_reference": "openshift4/ose-multus-networkpolicy-rhel8:v4.7.0-202201261123.p0.g820a753.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-route-override-cni-rhel8:v4.7.0-202201261123.p0.g1662c3e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-multus-route-override-cni-rhel8:v4.7.0-202201261123.p0.g1662c3e.assembly.stream" }, "product_reference": "openshift4/ose-multus-route-override-cni-rhel8:v4.7.0-202201261123.p0.g1662c3e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.7.0-202202011553.p0.g7b05b37.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.7.0-202202011553.p0.g7b05b37.assembly.stream" }, "product_reference": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.7.0-202202011553.p0.g7b05b37.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-must-gather:v4.7.0-202201261537.p0.g205d4e3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-must-gather:v4.7.0-202201261537.p0.g205d4e3.assembly.stream" }, "product_reference": "openshift4/ose-must-gather:v4.7.0-202201261537.p0.g205d4e3.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-network-metrics-daemon-rhel8:v4.7.0-202201261123.p0.gd73afb7.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-network-metrics-daemon-rhel8:v4.7.0-202201261123.p0.gd73afb7.assembly.stream" }, "product_reference": "openshift4/ose-network-metrics-daemon-rhel8:v4.7.0-202201261123.p0.gd73afb7.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-oauth-apiserver-rhel8:v4.7.0-202201261123.p0.g69f527e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-oauth-apiserver-rhel8:v4.7.0-202201261123.p0.g69f527e.assembly.stream" }, "product_reference": "openshift4/ose-oauth-apiserver-rhel8:v4.7.0-202201261123.p0.g69f527e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-oauth-proxy:v4.7.0-202201261123.p0.gfd4dfe7.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-oauth-proxy:v4.7.0-202201261123.p0.gfd4dfe7.assembly.stream" }, "product_reference": "openshift4/ose-oauth-proxy:v4.7.0-202201261123.p0.gfd4dfe7.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-oauth-server-rhel8:v4.7.0-202201261123.p0.g55f888e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-oauth-server-rhel8:v4.7.0-202201261123.p0.g55f888e.assembly.stream" }, "product_reference": "openshift4/ose-oauth-server-rhel8:v4.7.0-202201261123.p0.g55f888e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openshift-apiserver-rhel8:v4.7.0-202201261123.p0.gc35a474.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-openshift-apiserver-rhel8:v4.7.0-202201261123.p0.gc35a474.assembly.stream" }, "product_reference": "openshift4/ose-openshift-apiserver-rhel8:v4.7.0-202201261123.p0.gc35a474.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openshift-controller-manager-rhel8:v4.7.0-202201261123.p0.gc93745b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-openshift-controller-manager-rhel8:v4.7.0-202201261123.p0.gc93745b.assembly.stream" }, "product_reference": "openshift4/ose-openshift-controller-manager-rhel8:v4.7.0-202201261123.p0.gc93745b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openshift-state-metrics-rhel8:v4.7.0-202201261123.p0.g40b0968.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-openshift-state-metrics-rhel8:v4.7.0-202201261123.p0.g40b0968.assembly.stream" }, "product_reference": "openshift4/ose-openshift-state-metrics-rhel8:v4.7.0-202201261123.p0.g40b0968.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.7.0-202201261123.p0.gbfb0e08.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.7.0-202201261123.p0.gbfb0e08.assembly.stream" }, "product_reference": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.7.0-202201261123.p0.gbfb0e08.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.7.0-202201261123.p0.gd3f7092.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.7.0-202201261123.p0.gd3f7092.assembly.stream" }, "product_reference": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.7.0-202201261123.p0.gd3f7092.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openstack-machine-controllers:v4.7.0-202201261123.p0.gdcb7828.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-openstack-machine-controllers:v4.7.0-202201261123.p0.gdcb7828.assembly.stream" }, "product_reference": "openshift4/ose-openstack-machine-controllers:v4.7.0-202201261123.p0.gdcb7828.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-operator-lifecycle-manager:v4.7.0-202201261123.p0.g6bc6b9c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-operator-lifecycle-manager:v4.7.0-202201261123.p0.g6bc6b9c.assembly.stream" }, "product_reference": "openshift4/ose-operator-lifecycle-manager:v4.7.0-202201261123.p0.g6bc6b9c.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-operator-marketplace:v4.7.0-202201261123.p0.g23f38d3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-operator-marketplace:v4.7.0-202201261123.p0.g23f38d3.assembly.stream" }, "product_reference": "openshift4/ose-operator-marketplace:v4.7.0-202201261123.p0.g23f38d3.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-operator-registry:v4.7.0-202201261123.p0.g06e950d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-operator-registry:v4.7.0-202201261123.p0.g06e950d.assembly.stream" }, "product_reference": "openshift4/ose-operator-registry:v4.7.0-202201261123.p0.g06e950d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.7.0-202201261123.p0.g75b3272.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-ovirt-machine-controllers-rhel8:v4.7.0-202201261123.p0.g75b3272.assembly.stream" }, "product_reference": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.7.0-202201261123.p0.g75b3272.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ovn-kubernetes:v4.7.0-202202011649.p0.g79dcf8f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-ovn-kubernetes:v4.7.0-202202011649.p0.g79dcf8f.assembly.stream" }, "product_reference": "openshift4/ose-ovn-kubernetes:v4.7.0-202202011649.p0.g79dcf8f.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-pod:v4.7.0-202201261123.p0.g0e45f63.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-pod:v4.7.0-202201261123.p0.g0e45f63.assembly.stream" }, "product_reference": "openshift4/ose-pod:v4.7.0-202201261123.p0.g0e45f63.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prom-label-proxy:v4.7.0-202201261123.p0.gdb87872.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-prom-label-proxy:v4.7.0-202201261123.p0.gdb87872.assembly.stream" }, "product_reference": "openshift4/ose-prom-label-proxy:v4.7.0-202201261123.p0.gdb87872.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prometheus-alertmanager:v4.7.0-202201261123.p0.g9954cc4.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-prometheus-alertmanager:v4.7.0-202201261123.p0.g9954cc4.assembly.stream" }, "product_reference": "openshift4/ose-prometheus-alertmanager:v4.7.0-202201261123.p0.g9954cc4.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prometheus-config-reloader:v4.7.0-202201261123.p0.g1f0fd51.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-prometheus-config-reloader:v4.7.0-202201261123.p0.g1f0fd51.assembly.stream" }, "product_reference": "openshift4/ose-prometheus-config-reloader:v4.7.0-202201261123.p0.g1f0fd51.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prometheus-node-exporter:v4.7.0-202201261123.p0.g76974e2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-prometheus-node-exporter:v4.7.0-202201261123.p0.g76974e2.assembly.stream" }, "product_reference": "openshift4/ose-prometheus-node-exporter:v4.7.0-202201261123.p0.g76974e2.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prometheus-operator:v4.7.0-202201261123.p0.g1f0fd51.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-prometheus-operator:v4.7.0-202201261123.p0.g1f0fd51.assembly.stream" }, "product_reference": "openshift4/ose-prometheus-operator:v4.7.0-202201261123.p0.g1f0fd51.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prometheus:v4.7.0-202201261123.p0.gcb5e53c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-prometheus:v4.7.0-202201261123.p0.gcb5e53c.assembly.stream" }, "product_reference": "openshift4/ose-prometheus:v4.7.0-202201261123.p0.gcb5e53c.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sdn-rhel8:v4.7.0-202201261123.p0.g0e051e5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-sdn-rhel8:v4.7.0-202201261123.p0.g0e051e5.assembly.stream" }, "product_reference": "openshift4/ose-sdn-rhel8:v4.7.0-202201261123.p0.g0e051e5.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-service-ca-operator:v4.7.0-202201261123.p0.gf65053f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-service-ca-operator:v4.7.0-202201261123.p0.gf65053f.assembly.stream" }, "product_reference": "openshift4/ose-service-ca-operator:v4.7.0-202201261123.p0.gf65053f.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-telemeter:v4.7.0-202201261123.p0.ge4dac51.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-telemeter:v4.7.0-202201261123.p0.ge4dac51.assembly.stream" }, "product_reference": "openshift4/ose-telemeter:v4.7.0-202201261123.p0.ge4dac51.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-tests:v4.7.0-202201261537.p0.g7706ed4.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-tests:v4.7.0-202201261537.p0.g7706ed4.assembly.stream" }, "product_reference": "openshift4/ose-tests:v4.7.0-202201261537.p0.g7706ed4.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-thanos-rhel8:v4.7.0-202201261123.p0.g319e70c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-thanos-rhel8:v4.7.0-202201261123.p0.g319e70c.assembly.stream" }, "product_reference": "openshift4/ose-thanos-rhel8:v4.7.0-202201261123.p0.g319e70c.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-tools-rhel8:v4.7.0-202201261537.p0.g25914b8.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-tools-rhel8:v4.7.0-202201261537.p0.g25914b8.assembly.stream" }, "product_reference": "openshift4/ose-tools-rhel8:v4.7.0-202201261537.p0.g25914b8.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vsphere-problem-detector-rhel8:v4.7.0-202201261123.p0.g9854609.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-vsphere-problem-detector-rhel8:v4.7.0-202201261123.p0.g9854609.assembly.stream" }, "product_reference": "openshift4/ose-vsphere-problem-detector-rhel8:v4.7.0-202201261123.p0.g9854609.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ovirt-csi-driver-rhel7:v4.7.0-202201261123.p0.g72545e6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ovirt-csi-driver-rhel7:v4.7.0-202201261123.p0.g72545e6.assembly.stream" }, "product_reference": "openshift4/ovirt-csi-driver-rhel7:v4.7.0-202201261123.p0.g72545e6.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ovirt-csi-driver-rhel8-operator:v4.7.0-202201261123.p0.g5e51508.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ovirt-csi-driver-rhel8-operator:v4.7.0-202201261123.p0.g5e51508.assembly.stream" }, "product_reference": "openshift4/ovirt-csi-driver-rhel8-operator:v4.7.0-202201261123.p0.g5e51508.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ovirt-csi-driver-rhel8:v4.7.0-202201261123.p0.g72545e6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ovirt-csi-driver-rhel8:v4.7.0-202201261123.p0.g72545e6.assembly.stream" }, "product_reference": "openshift4/ovirt-csi-driver-rhel8:v4.7.0-202201261123.p0.g72545e6.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Casey Callendrello" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2021-20206", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-01-22T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.7:openshift4/driver-toolkit-rhel8:v4.7.0-202201261123.p0.gbcd11a1.assembly.stream", "8Base-RHOSE-4.7:openshift4/egress-router-cni-rhel8:v4.7.0-202201261123.p0.g96ebd37.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.7.0-202201261123.p0.g3a9ff17.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.7.0-202201261123.p0.gf6a71bf.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-aws-machine-controllers:v4.7.0-202201261123.p0.g5368195.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.7.0-202201291225.p0.g5ad6650.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-azure-machine-controllers:v4.7.0-202201261123.p0.g723b7ab.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-baremetal-installer-rhel8:v4.7.0-202201261123.p0.gb406013.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-baremetal-machine-controllers:v4.7.0-202201261123.p0.g6d86e62.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-baremetal-rhel8-operator:v4.7.0-202201261123.p0.ge36cbc1.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-baremetal-runtimecfg-rhel8:v4.7.0-202201261123.p0.g9c5da32.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cli-artifacts:v4.7.0-202201261537.p0.g25914b8.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cli:v4.7.0-202201261123.p0.g25914b8.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cloud-credential-operator:v4.7.0-202201261123.p0.ge4c8b05.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-authentication-operator:v4.7.0-202201261123.p0.g5c93df5.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-autoscaler-operator:v4.7.0-202201261123.p0.g7658bea.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-autoscaler:v4.7.0-202201261123.p0.g8b2e494.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-baremetal-operator-rhel8:v4.7.0-202201261123.p0.gf73e5fc.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-bootstrap:v4.7.0-202201261123.p0.g6665cae.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-config-operator:v4.7.0-202201261123.p0.g07e059a.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.7.0-202201261123.p0.gfc036b5.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-dns-operator:v4.7.0-202201261123.p0.gcf8be7b.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-etcd-rhel8-operator:v4.7.0-202201261123.p0.g51cb8c4.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-image-registry-operator:v4.7.0-202201261123.p0.g70a8588.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-ingress-operator:v4.7.0-202201261123.p0.ge76561d.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-apiserver-operator:v4.7.0-202201261123.p0.gd5d5759.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-controller-manager-operator:v4.7.0-202201261123.p0.g2815909.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-scheduler-operator:v4.7.0-202201261123.p0.gb2204ca.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.7.0-202201261123.p0.g5448475.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-machine-approver:v4.7.0-202201261123.p0.g9043e2b.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-monitoring-operator:v4.7.0-202201261123.p0.g0f7da46.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-network-operator:v4.7.0-202202021937.p0.gd5ee3cf.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-node-tuning-operator:v4.7.0-202201261123.p0.g9316487.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-openshift-apiserver-operator:v4.7.0-202201261123.p0.gdf9b1a4.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-openshift-controller-manager-operator:v4.7.0-202201261123.p0.g2a8963a.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-policy-controller-rhel8:v4.7.0-202201261123.p0.g42791ba.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-samples-operator:v4.7.0-202201261123.p0.g1892553.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-storage-operator:v4.7.0-202201261123.p0.gd6f34df.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-update-keys:v4.7.0-202201261123.p0.gb7e7917.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-version-operator:v4.7.0-202201261123.p0.g4e7c701.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-configmap-reloader:v4.7.0-202201261123.p0.gb957dff.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-console-operator:v4.7.0-202201280725.p0.gc3019e2.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-console:v4.7.0-202201262042.p0.gc2bc5b2.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-coredns:v4.7.0-202201261123.p0.gd4a3ba3.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-driver-manila-rhel8-operator:v4.7.0-202201261123.p0.gb652a62.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-driver-manila-rhel8:v4.7.0-202201261123.p0.gd3f7092.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-driver-nfs-rhel8:v4.7.0-202201261123.p0.g9404d34.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-external-attacher-rhel8:v4.7.0-202201261123.p0.gf152de8.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-external-attacher:v4.7.0-202201261123.p0.gf152de8.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-external-provisioner-rhel8:v4.7.0-202201261123.p0.ga49415e.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-external-provisioner:v4.7.0-202201261123.p0.ga49415e.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-external-resizer-rhel8:v4.7.0-202201261123.p0.gf77279e.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-external-resizer:v4.7.0-202201261123.p0.gf77279e.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-external-snapshotter-rhel8:v4.7.0-202201261123.p0.g2677373.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-external-snapshotter:v4.7.0-202201261123.p0.g2677373.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-livenessprobe-rhel8:v4.7.0-202201261123.p0.g3dad028.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-livenessprobe:v4.7.0-202201261123.p0.g3dad028.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-node-driver-registrar-rhel8:v4.7.0-202201261123.p0.g2a77963.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-node-driver-registrar:v4.7.0-202201261123.p0.g2a77963.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-snapshot-controller-rhel8:v4.7.0-202201261123.p0.g2677373.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-snapshot-controller:v4.7.0-202201261123.p0.g2677373.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.7.0-202201261123.p0.g2677373.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-deployer:v4.7.0-202201261537.p0.g25914b8.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-docker-builder:v4.7.0-202201261123.p0.g5a46979.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-docker-registry:v4.7.0-202201261123.p0.g8b03485.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-etcd:v4.7.0-202201261123.p0.gc61e5af.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-gcp-machine-controllers-rhel8:v4.7.0-202201261123.p0.g5f6589d.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.7.0-202201261123.p0.gd40dd57.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.7.0-202201261123.p0.g0cb61d2.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-grafana:v4.7.0-202201261123.p0.gb02c35d.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-haproxy-router:v4.7.0-202201261537.p0.g4ab216f.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-hello-openshift-rhel8:v4.7.0-202201261123.p0.g7706ed4.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-hyperkube:v4.7.0-202201261123.p0.ge880017.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-insights-rhel8-operator:v4.7.0-202201261123.p0.gaccd496.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-installer-artifacts:v4.7.0-202201261537.p0.gb406013.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-installer:v4.7.0-202201261123.p0.gb406013.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.7.0-202201261123.p0.g564aaca.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-ironic-inspector-rhel8:v4.7.0-202201261123.p0.gb6cbf03.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-ironic-ipa-downloader-rhel8:v4.7.0-202201261123.p0.gf33b14a.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.7.0-202201261123.p0.g870afcb.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-ironic-rhel8:v4.7.0-202201261123.p0.g1a7f41b.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-ironic-static-ip-manager-rhel8:v4.7.0-202201261123.p0.g43d640a.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-base:v4.7.0-202202020525.p0.g1383028.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-maven:v4.7.0-202202020525.p0.g1383028.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.7.0-202202020525.p0.g1383028.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-jenkins:v4.7.0-202202031028.p0.g1383028.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-k8s-prometheus-adapter:v4.7.0-202201261123.p0.g212d80b.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-keepalived-ipfailover:v4.7.0-202201261123.p0.g0e45f63.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-kube-proxy:v4.7.0-202201261537.p0.g0e051e5.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-kube-rbac-proxy:v4.7.0-202201261123.p0.g14c288e.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-kube-state-metrics:v4.7.0-202201261123.p0.g04bff70.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-kube-storage-version-migrator-rhel8:v4.7.0-202201261123.p0.g329a4b0.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-kuryr-cni-rhel8:v4.7.0-202201261123.p0.g72de60e.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-kuryr-controller-rhel8:v4.7.0-202201261123.p0.g72de60e.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-libvirt-machine-controllers:v4.7.0-202201261123.p0.geb819cb.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-machine-api-operator:v4.7.0-202201261123.p0.g8578fef.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-machine-config-operator:v4.7.0-202201261123.p0.g824271e.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-mdns-publisher-rhel8:v4.7.0-202201261123.p0.gaf3f360.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-multus-admission-controller:v4.7.0-202201261123.p0.ga7312f5.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-multus-cni:v4.7.0-202201261123.p0.g5530094.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-multus-networkpolicy-rhel8:v4.7.0-202201261123.p0.g820a753.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-multus-route-override-cni-rhel8:v4.7.0-202201261123.p0.g1662c3e.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.7.0-202202011553.p0.g7b05b37.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-must-gather:v4.7.0-202201261537.p0.g205d4e3.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-network-metrics-daemon-rhel8:v4.7.0-202201261123.p0.gd73afb7.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-oauth-apiserver-rhel8:v4.7.0-202201261123.p0.g69f527e.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-oauth-proxy:v4.7.0-202201261123.p0.gfd4dfe7.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-oauth-server-rhel8:v4.7.0-202201261123.p0.g55f888e.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-openshift-apiserver-rhel8:v4.7.0-202201261123.p0.gc35a474.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-openshift-controller-manager-rhel8:v4.7.0-202201261123.p0.gc93745b.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-openshift-state-metrics-rhel8:v4.7.0-202201261123.p0.g40b0968.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.7.0-202201261123.p0.gbfb0e08.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.7.0-202201261123.p0.gd3f7092.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-openstack-machine-controllers:v4.7.0-202201261123.p0.gdcb7828.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-operator-lifecycle-manager:v4.7.0-202201261123.p0.g6bc6b9c.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-operator-marketplace:v4.7.0-202201261123.p0.g23f38d3.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-operator-registry:v4.7.0-202201261123.p0.g06e950d.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-ovirt-machine-controllers-rhel8:v4.7.0-202201261123.p0.g75b3272.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-ovn-kubernetes:v4.7.0-202202011649.p0.g79dcf8f.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-pod:v4.7.0-202201261123.p0.g0e45f63.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-prom-label-proxy:v4.7.0-202201261123.p0.gdb87872.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-prometheus-alertmanager:v4.7.0-202201261123.p0.g9954cc4.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-prometheus-config-reloader:v4.7.0-202201261123.p0.g1f0fd51.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-prometheus-node-exporter:v4.7.0-202201261123.p0.g76974e2.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-prometheus-operator:v4.7.0-202201261123.p0.g1f0fd51.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-prometheus:v4.7.0-202201261123.p0.gcb5e53c.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-sdn-rhel8:v4.7.0-202201261123.p0.g0e051e5.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-service-ca-operator:v4.7.0-202201261123.p0.gf65053f.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-telemeter:v4.7.0-202201261123.p0.ge4dac51.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-tests:v4.7.0-202201261537.p0.g7706ed4.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-thanos-rhel8:v4.7.0-202201261123.p0.g319e70c.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-tools-rhel8:v4.7.0-202201261537.p0.g25914b8.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-vsphere-problem-detector-rhel8:v4.7.0-202201261123.p0.g9854609.assembly.stream", "8Base-RHOSE-4.7:openshift4/ovirt-csi-driver-rhel7:v4.7.0-202201261123.p0.g72545e6.assembly.stream", "8Base-RHOSE-4.7:openshift4/ovirt-csi-driver-rhel8-operator:v4.7.0-202201261123.p0.g5e51508.assembly.stream", "8Base-RHOSE-4.7:openshift4/ovirt-csi-driver-rhel8:v4.7.0-202201261123.p0.g72545e6.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "An improper limitation of path name flaw was found in containernetworking/cni. When specifying the plugin to load in the `type` field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as `reboot`. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "containernetworking-cni: Arbitrary path injection via type field in CNI configuration", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:openshift4/ose-container-networking-plugins-rhel8:v4.7.0-202201261537.p0.ga3cf46b.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.7:openshift4/driver-toolkit-rhel8:v4.7.0-202201261123.p0.gbcd11a1.assembly.stream", "8Base-RHOSE-4.7:openshift4/egress-router-cni-rhel8:v4.7.0-202201261123.p0.g96ebd37.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.7.0-202201261123.p0.g3a9ff17.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.7.0-202201261123.p0.gf6a71bf.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-aws-machine-controllers:v4.7.0-202201261123.p0.g5368195.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.7.0-202201291225.p0.g5ad6650.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-azure-machine-controllers:v4.7.0-202201261123.p0.g723b7ab.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-baremetal-installer-rhel8:v4.7.0-202201261123.p0.gb406013.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-baremetal-machine-controllers:v4.7.0-202201261123.p0.g6d86e62.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-baremetal-rhel8-operator:v4.7.0-202201261123.p0.ge36cbc1.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-baremetal-runtimecfg-rhel8:v4.7.0-202201261123.p0.g9c5da32.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cli-artifacts:v4.7.0-202201261537.p0.g25914b8.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cli:v4.7.0-202201261123.p0.g25914b8.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cloud-credential-operator:v4.7.0-202201261123.p0.ge4c8b05.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-authentication-operator:v4.7.0-202201261123.p0.g5c93df5.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-autoscaler-operator:v4.7.0-202201261123.p0.g7658bea.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-autoscaler:v4.7.0-202201261123.p0.g8b2e494.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-baremetal-operator-rhel8:v4.7.0-202201261123.p0.gf73e5fc.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-bootstrap:v4.7.0-202201261123.p0.g6665cae.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-config-operator:v4.7.0-202201261123.p0.g07e059a.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.7.0-202201261123.p0.gfc036b5.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-dns-operator:v4.7.0-202201261123.p0.gcf8be7b.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-etcd-rhel8-operator:v4.7.0-202201261123.p0.g51cb8c4.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-image-registry-operator:v4.7.0-202201261123.p0.g70a8588.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-ingress-operator:v4.7.0-202201261123.p0.ge76561d.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-apiserver-operator:v4.7.0-202201261123.p0.gd5d5759.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-controller-manager-operator:v4.7.0-202201261123.p0.g2815909.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-scheduler-operator:v4.7.0-202201261123.p0.gb2204ca.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.7.0-202201261123.p0.g5448475.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-machine-approver:v4.7.0-202201261123.p0.g9043e2b.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-monitoring-operator:v4.7.0-202201261123.p0.g0f7da46.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-network-operator:v4.7.0-202202021937.p0.gd5ee3cf.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-node-tuning-operator:v4.7.0-202201261123.p0.g9316487.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-openshift-apiserver-operator:v4.7.0-202201261123.p0.gdf9b1a4.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-openshift-controller-manager-operator:v4.7.0-202201261123.p0.g2a8963a.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-policy-controller-rhel8:v4.7.0-202201261123.p0.g42791ba.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-samples-operator:v4.7.0-202201261123.p0.g1892553.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-storage-operator:v4.7.0-202201261123.p0.gd6f34df.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-update-keys:v4.7.0-202201261123.p0.gb7e7917.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-version-operator:v4.7.0-202201261123.p0.g4e7c701.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-configmap-reloader:v4.7.0-202201261123.p0.gb957dff.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-console-operator:v4.7.0-202201280725.p0.gc3019e2.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-console:v4.7.0-202201262042.p0.gc2bc5b2.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-coredns:v4.7.0-202201261123.p0.gd4a3ba3.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-driver-manila-rhel8-operator:v4.7.0-202201261123.p0.gb652a62.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-driver-manila-rhel8:v4.7.0-202201261123.p0.gd3f7092.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-driver-nfs-rhel8:v4.7.0-202201261123.p0.g9404d34.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-external-attacher-rhel8:v4.7.0-202201261123.p0.gf152de8.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-external-attacher:v4.7.0-202201261123.p0.gf152de8.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-external-provisioner-rhel8:v4.7.0-202201261123.p0.ga49415e.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-external-provisioner:v4.7.0-202201261123.p0.ga49415e.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-external-resizer-rhel8:v4.7.0-202201261123.p0.gf77279e.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-external-resizer:v4.7.0-202201261123.p0.gf77279e.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-external-snapshotter-rhel8:v4.7.0-202201261123.p0.g2677373.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-external-snapshotter:v4.7.0-202201261123.p0.g2677373.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-livenessprobe-rhel8:v4.7.0-202201261123.p0.g3dad028.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-livenessprobe:v4.7.0-202201261123.p0.g3dad028.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-node-driver-registrar-rhel8:v4.7.0-202201261123.p0.g2a77963.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-node-driver-registrar:v4.7.0-202201261123.p0.g2a77963.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-snapshot-controller-rhel8:v4.7.0-202201261123.p0.g2677373.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-snapshot-controller:v4.7.0-202201261123.p0.g2677373.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.7.0-202201261123.p0.g2677373.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-deployer:v4.7.0-202201261537.p0.g25914b8.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-docker-builder:v4.7.0-202201261123.p0.g5a46979.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-docker-registry:v4.7.0-202201261123.p0.g8b03485.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-etcd:v4.7.0-202201261123.p0.gc61e5af.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-gcp-machine-controllers-rhel8:v4.7.0-202201261123.p0.g5f6589d.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.7.0-202201261123.p0.gd40dd57.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.7.0-202201261123.p0.g0cb61d2.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-grafana:v4.7.0-202201261123.p0.gb02c35d.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-haproxy-router:v4.7.0-202201261537.p0.g4ab216f.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-hello-openshift-rhel8:v4.7.0-202201261123.p0.g7706ed4.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-hyperkube:v4.7.0-202201261123.p0.ge880017.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-insights-rhel8-operator:v4.7.0-202201261123.p0.gaccd496.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-installer-artifacts:v4.7.0-202201261537.p0.gb406013.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-installer:v4.7.0-202201261123.p0.gb406013.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.7.0-202201261123.p0.g564aaca.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-ironic-inspector-rhel8:v4.7.0-202201261123.p0.gb6cbf03.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-ironic-ipa-downloader-rhel8:v4.7.0-202201261123.p0.gf33b14a.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.7.0-202201261123.p0.g870afcb.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-ironic-rhel8:v4.7.0-202201261123.p0.g1a7f41b.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-ironic-static-ip-manager-rhel8:v4.7.0-202201261123.p0.g43d640a.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-base:v4.7.0-202202020525.p0.g1383028.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-maven:v4.7.0-202202020525.p0.g1383028.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.7.0-202202020525.p0.g1383028.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-jenkins:v4.7.0-202202031028.p0.g1383028.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-k8s-prometheus-adapter:v4.7.0-202201261123.p0.g212d80b.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-keepalived-ipfailover:v4.7.0-202201261123.p0.g0e45f63.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-kube-proxy:v4.7.0-202201261537.p0.g0e051e5.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-kube-rbac-proxy:v4.7.0-202201261123.p0.g14c288e.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-kube-state-metrics:v4.7.0-202201261123.p0.g04bff70.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-kube-storage-version-migrator-rhel8:v4.7.0-202201261123.p0.g329a4b0.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-kuryr-cni-rhel8:v4.7.0-202201261123.p0.g72de60e.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-kuryr-controller-rhel8:v4.7.0-202201261123.p0.g72de60e.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-libvirt-machine-controllers:v4.7.0-202201261123.p0.geb819cb.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-machine-api-operator:v4.7.0-202201261123.p0.g8578fef.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-machine-config-operator:v4.7.0-202201261123.p0.g824271e.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-mdns-publisher-rhel8:v4.7.0-202201261123.p0.gaf3f360.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-multus-admission-controller:v4.7.0-202201261123.p0.ga7312f5.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-multus-cni:v4.7.0-202201261123.p0.g5530094.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-multus-networkpolicy-rhel8:v4.7.0-202201261123.p0.g820a753.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-multus-route-override-cni-rhel8:v4.7.0-202201261123.p0.g1662c3e.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.7.0-202202011553.p0.g7b05b37.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-must-gather:v4.7.0-202201261537.p0.g205d4e3.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-network-metrics-daemon-rhel8:v4.7.0-202201261123.p0.gd73afb7.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-oauth-apiserver-rhel8:v4.7.0-202201261123.p0.g69f527e.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-oauth-proxy:v4.7.0-202201261123.p0.gfd4dfe7.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-oauth-server-rhel8:v4.7.0-202201261123.p0.g55f888e.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-openshift-apiserver-rhel8:v4.7.0-202201261123.p0.gc35a474.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-openshift-controller-manager-rhel8:v4.7.0-202201261123.p0.gc93745b.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-openshift-state-metrics-rhel8:v4.7.0-202201261123.p0.g40b0968.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.7.0-202201261123.p0.gbfb0e08.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.7.0-202201261123.p0.gd3f7092.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-openstack-machine-controllers:v4.7.0-202201261123.p0.gdcb7828.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-operator-lifecycle-manager:v4.7.0-202201261123.p0.g6bc6b9c.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-operator-marketplace:v4.7.0-202201261123.p0.g23f38d3.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-operator-registry:v4.7.0-202201261123.p0.g06e950d.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-ovirt-machine-controllers-rhel8:v4.7.0-202201261123.p0.g75b3272.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-ovn-kubernetes:v4.7.0-202202011649.p0.g79dcf8f.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-pod:v4.7.0-202201261123.p0.g0e45f63.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-prom-label-proxy:v4.7.0-202201261123.p0.gdb87872.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-prometheus-alertmanager:v4.7.0-202201261123.p0.g9954cc4.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-prometheus-config-reloader:v4.7.0-202201261123.p0.g1f0fd51.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-prometheus-node-exporter:v4.7.0-202201261123.p0.g76974e2.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-prometheus-operator:v4.7.0-202201261123.p0.g1f0fd51.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-prometheus:v4.7.0-202201261123.p0.gcb5e53c.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-sdn-rhel8:v4.7.0-202201261123.p0.g0e051e5.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-service-ca-operator:v4.7.0-202201261123.p0.gf65053f.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-telemeter:v4.7.0-202201261123.p0.ge4dac51.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-tests:v4.7.0-202201261537.p0.g7706ed4.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-thanos-rhel8:v4.7.0-202201261123.p0.g319e70c.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-tools-rhel8:v4.7.0-202201261537.p0.g25914b8.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-vsphere-problem-detector-rhel8:v4.7.0-202201261123.p0.g9854609.assembly.stream", "8Base-RHOSE-4.7:openshift4/ovirt-csi-driver-rhel7:v4.7.0-202201261123.p0.g72545e6.assembly.stream", "8Base-RHOSE-4.7:openshift4/ovirt-csi-driver-rhel8-operator:v4.7.0-202201261123.p0.g5e51508.assembly.stream", "8Base-RHOSE-4.7:openshift4/ovirt-csi-driver-rhel8:v4.7.0-202201261123.p0.g72545e6.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-20206", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20206" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20206", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20206" }, { "category": "external", "summary": "CVE-2021-20206", "url": "https://access.redhat.com/security/cve/CVE-2021-20206" }, { "category": "external", "summary": "bz#1919391: CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391" } ], "release_date": "2021-02-05T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.7:openshift4/ose-container-networking-plugins-rhel8:v4.7.0-202201261537.p0.ga3cf46b.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2022:0492" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:openshift4/ose-container-networking-plugins-rhel8:v4.7.0-202201261537.p0.ga3cf46b.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-01-22T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration" } ] }
rhsa-2022_1660
Vulnerability from csaf_redhat
Published
2022-05-02 05:51
Modified
2024-09-18 02:37
Summary
Red Hat Security Advisory: Red Hat OpenShift support for Windows Containers 2.0.5 [security update]
Notes
Topic
The components for Red Hat OpenShift support for Windows Containers 2.0.5 are now available. This product release includes a moderate security update for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers.
Security Fix(es):
* containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "The components for Red Hat OpenShift support for Windows Containers 2.0.5 are now available. This product release includes a moderate security update for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers.\n\nSecurity Fix(es):\n\n* containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:1660", "url": "https://access.redhat.com/errata/RHSA-2022:1660" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1919391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391" }, { "category": "external", "summary": "WINC-756", "url": "https://issues.redhat.com/browse/WINC-756" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_1660.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift support for Windows Containers 2.0.5 [security update]", "tracking": { "current_release_date": "2024-09-18T02:37:20+00:00", "generator": { "date": "2024-09-18T02:37:20+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2022:1660", "initial_release_date": "2022-05-02T05:51:54+00:00", "revision_history": [ { "date": "2022-05-02T05:51:54+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-05-02T05:51:54+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T02:37:20+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.7", "product": { "name": "Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.7::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "openshift4-wincw/windows-machine-config-operator-bundle@sha256:8ce026aac0b582bac558b7258e539bad8205f5494b751c9b8fd5b5331c2da848_amd64", "product": { "name": "openshift4-wincw/windows-machine-config-operator-bundle@sha256:8ce026aac0b582bac558b7258e539bad8205f5494b751c9b8fd5b5331c2da848_amd64", "product_id": "openshift4-wincw/windows-machine-config-operator-bundle@sha256:8ce026aac0b582bac558b7258e539bad8205f5494b751c9b8fd5b5331c2da848_amd64", "product_identification_helper": { "purl": "pkg:oci/windows-machine-config-operator-bundle@sha256:8ce026aac0b582bac558b7258e539bad8205f5494b751c9b8fd5b5331c2da848?arch=amd64\u0026repository_url=registry.redhat.io/openshift4-wincw/windows-machine-config-operator-bundle\u0026tag=v2.0.5-4" } } }, { "category": "product_version", "name": "openshift4-wincw/windows-machine-config-rhel8-operator@sha256:999eb8315012e9248c59b15b2d9af4990593f96f786d43e80e351775a6600b92_amd64", "product": { "name": "openshift4-wincw/windows-machine-config-rhel8-operator@sha256:999eb8315012e9248c59b15b2d9af4990593f96f786d43e80e351775a6600b92_amd64", "product_id": "openshift4-wincw/windows-machine-config-rhel8-operator@sha256:999eb8315012e9248c59b15b2d9af4990593f96f786d43e80e351775a6600b92_amd64", "product_identification_helper": { "purl": "pkg:oci/windows-machine-config-rhel8-operator@sha256:999eb8315012e9248c59b15b2d9af4990593f96f786d43e80e351775a6600b92?arch=amd64\u0026repository_url=registry.redhat.io/openshift4-wincw/windows-machine-config-rhel8-operator\u0026tag=2.0.5-4" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift4-wincw/windows-machine-config-operator-bundle@sha256:8ce026aac0b582bac558b7258e539bad8205f5494b751c9b8fd5b5331c2da848_amd64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4-wincw/windows-machine-config-operator-bundle@sha256:8ce026aac0b582bac558b7258e539bad8205f5494b751c9b8fd5b5331c2da848_amd64" }, "product_reference": "openshift4-wincw/windows-machine-config-operator-bundle@sha256:8ce026aac0b582bac558b7258e539bad8205f5494b751c9b8fd5b5331c2da848_amd64", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4-wincw/windows-machine-config-rhel8-operator@sha256:999eb8315012e9248c59b15b2d9af4990593f96f786d43e80e351775a6600b92_amd64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:999eb8315012e9248c59b15b2d9af4990593f96f786d43e80e351775a6600b92_amd64" }, "product_reference": "openshift4-wincw/windows-machine-config-rhel8-operator@sha256:999eb8315012e9248c59b15b2d9af4990593f96f786d43e80e351775a6600b92_amd64", "relates_to_product_reference": "8Base-RHOSE-4.7" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Casey Callendrello" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2021-20206", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-01-22T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSE-4.7:openshift4-wincw/windows-machine-config-operator-bundle@sha256:8ce026aac0b582bac558b7258e539bad8205f5494b751c9b8fd5b5331c2da848_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1919391" } ], "notes": [ { "category": "description", "text": "An improper limitation of path name flaw was found in containernetworking/cni. When specifying the plugin to load in the `type` field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as `reboot`. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "containernetworking-cni: Arbitrary path injection via type field in CNI configuration", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift ServiceMesh (OSSM) does package a vulnerable version of containernetworking/cni, however, the NetworkDefinitionAttachment is defined in code and cannot be easily changed except through a user who has access to the operator namespace such as cluster-admin. As such, for OSSM, the impact is Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:999eb8315012e9248c59b15b2d9af4990593f96f786d43e80e351775a6600b92_amd64" ], "known_not_affected": [ "8Base-RHOSE-4.7:openshift4-wincw/windows-machine-config-operator-bundle@sha256:8ce026aac0b582bac558b7258e539bad8205f5494b751c9b8fd5b5331c2da848_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-20206" }, { "category": "external", "summary": "RHBZ#1919391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-20206", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20206" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20206", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20206" } ], "release_date": "2021-02-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For Windows Machine Config Operator upgrades, see the following documentation: https://docs.openshift.com/container-platform/latest/windows_containers/windows-node-upgrades.html", "product_ids": [ "8Base-RHOSE-4.7:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:999eb8315012e9248c59b15b2d9af4990593f96f786d43e80e351775a6600b92_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1660" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:999eb8315012e9248c59b15b2d9af4990593f96f786d43e80e351775a6600b92_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "containernetworking-cni: Arbitrary path injection via type field in CNI configuration" } ] }
rhsa-2021_3001
Vulnerability from csaf_redhat
Published
2021-08-03 20:28
Modified
2024-09-18 02:37
Summary
Red Hat Security Advisory: Red Hat OpenShift Container Platform for Windows Containers 3.0.0 security and bug fix update
Notes
Topic
The components for Red Hat OpenShift Container Platform for Windows Containers 3.0.0 are now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Windows Container Support for Red Hat OpenShift allows you to deploy
Windows container workloads running on Windows Server containers.
Security Fix(es):
* containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* LB service unstable with multiple Windows nodes and pods (BZ#1905950)
* WMCO patch pub-key-hash annotation to Linux node (BZ#1930791)
* kube-proxy service terminated unexpectedly after recreated LB service (BZ#1939968)
* Telemetry info not completely available to identify windows nodes (BZ#1948037)
* LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952914)
* WMCO incorrectly shows node as ready after a failed configuration (BZ#1953692)
* Windows pod with a Projected Volume is stuck at ContainerCreating (BZ#1971745)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "The components for Red Hat OpenShift Container Platform for Windows Containers 3.0.0 are now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Windows Container Support for Red Hat OpenShift allows you to deploy\nWindows container workloads running on Windows Server containers.\n\nSecurity Fix(es):\n\n* containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* LB service unstable with multiple Windows nodes and pods (BZ#1905950)\n\n* WMCO patch pub-key-hash annotation to Linux node (BZ#1930791)\n\n* kube-proxy service terminated unexpectedly after recreated LB service (BZ#1939968)\n\n* Telemetry info not completely available to identify windows nodes (BZ#1948037)\n\n* LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952914)\n\n* WMCO incorrectly shows node as ready after a failed configuration (BZ#1953692)\n\n* Windows pod with a Projected Volume is stuck at ContainerCreating (BZ#1971745)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:3001", "url": "https://access.redhat.com/errata/RHSA-2021:3001" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1905950", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905950" }, { "category": "external", "summary": "1919391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391" }, { "category": "external", "summary": "1930791", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930791" }, { "category": "external", "summary": "1939968", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939968" }, { "category": "external", "summary": "1948037", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948037" }, { "category": "external", "summary": "1952914", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952914" }, { "category": "external", "summary": "1953692", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953692" }, { "category": "external", "summary": "1971745", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1971745" }, { "category": "external", "summary": "1983153", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983153" }, { "category": "external", "summary": "WINC-618", "url": "https://issues.redhat.com/browse/WINC-618" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_3001.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift Container Platform for Windows Containers 3.0.0 security and bug fix update", "tracking": { "current_release_date": "2024-09-18T02:37:09+00:00", "generator": { "date": "2024-09-18T02:37:09+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2021:3001", "initial_release_date": "2021-08-03T20:28:58+00:00", "revision_history": [ { "date": "2021-08-03T20:28:58+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-08-03T20:28:58+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T02:37:09+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.8", "product": { "name": "Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.8::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "openshift4-wincw/windows-machine-config-operator-bundle@sha256:d6d2bcc5bb80900b446c020d8d800bb3831e7bd247f0b0363291f09b908b4d9c_amd64", "product": { "name": "openshift4-wincw/windows-machine-config-operator-bundle@sha256:d6d2bcc5bb80900b446c020d8d800bb3831e7bd247f0b0363291f09b908b4d9c_amd64", "product_id": "openshift4-wincw/windows-machine-config-operator-bundle@sha256:d6d2bcc5bb80900b446c020d8d800bb3831e7bd247f0b0363291f09b908b4d9c_amd64", "product_identification_helper": { "purl": "pkg:oci/windows-machine-config-operator-bundle@sha256:d6d2bcc5bb80900b446c020d8d800bb3831e7bd247f0b0363291f09b908b4d9c?arch=amd64\u0026repository_url=registry.redhat.io/openshift4-wincw/windows-machine-config-operator-bundle\u0026tag=v3.0.0-17" } } }, { "category": "product_version", "name": "openshift4-wincw/windows-machine-config-rhel8-operator@sha256:519418c1b39d6c73761e631ca7133035f210878e00711c2c841c564130ddf13e_amd64", "product": { "name": "openshift4-wincw/windows-machine-config-rhel8-operator@sha256:519418c1b39d6c73761e631ca7133035f210878e00711c2c841c564130ddf13e_amd64", "product_id": "openshift4-wincw/windows-machine-config-rhel8-operator@sha256:519418c1b39d6c73761e631ca7133035f210878e00711c2c841c564130ddf13e_amd64", "product_identification_helper": { "purl": "pkg:oci/windows-machine-config-rhel8-operator@sha256:519418c1b39d6c73761e631ca7133035f210878e00711c2c841c564130ddf13e?arch=amd64\u0026repository_url=registry.redhat.io/openshift4-wincw/windows-machine-config-rhel8-operator\u0026tag=3.0.0-16" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift4-wincw/windows-machine-config-operator-bundle@sha256:d6d2bcc5bb80900b446c020d8d800bb3831e7bd247f0b0363291f09b908b4d9c_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4-wincw/windows-machine-config-operator-bundle@sha256:d6d2bcc5bb80900b446c020d8d800bb3831e7bd247f0b0363291f09b908b4d9c_amd64" }, "product_reference": "openshift4-wincw/windows-machine-config-operator-bundle@sha256:d6d2bcc5bb80900b446c020d8d800bb3831e7bd247f0b0363291f09b908b4d9c_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4-wincw/windows-machine-config-rhel8-operator@sha256:519418c1b39d6c73761e631ca7133035f210878e00711c2c841c564130ddf13e_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:519418c1b39d6c73761e631ca7133035f210878e00711c2c841c564130ddf13e_amd64" }, "product_reference": "openshift4-wincw/windows-machine-config-rhel8-operator@sha256:519418c1b39d6c73761e631ca7133035f210878e00711c2c841c564130ddf13e_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Casey Callendrello" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2021-20206", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-01-22T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSE-4.8:openshift4-wincw/windows-machine-config-operator-bundle@sha256:d6d2bcc5bb80900b446c020d8d800bb3831e7bd247f0b0363291f09b908b4d9c_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1919391" } ], "notes": [ { "category": "description", "text": "An improper limitation of path name flaw was found in containernetworking/cni. When specifying the plugin to load in the `type` field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as `reboot`. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "containernetworking-cni: Arbitrary path injection via type field in CNI configuration", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift ServiceMesh (OSSM) does package a vulnerable version of containernetworking/cni, however, the NetworkDefinitionAttachment is defined in code and cannot be easily changed except through a user who has access to the operator namespace such as cluster-admin. As such, for OSSM, the impact is Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:519418c1b39d6c73761e631ca7133035f210878e00711c2c841c564130ddf13e_amd64" ], "known_not_affected": [ "8Base-RHOSE-4.8:openshift4-wincw/windows-machine-config-operator-bundle@sha256:d6d2bcc5bb80900b446c020d8d800bb3831e7bd247f0b0363291f09b908b4d9c_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-20206" }, { "category": "external", "summary": "RHBZ#1919391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-20206", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20206" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20206", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20206" } ], "release_date": "2021-02-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For Windows Machine Config Operator upgrades, see the following documentation:\nhttps://docs.openshift.com/container-platform/latest/windows_containers/windows-node-upgrades.html", "product_ids": [ "8Base-RHOSE-4.8:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:519418c1b39d6c73761e631ca7133035f210878e00711c2c841c564130ddf13e_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3001" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:519418c1b39d6c73761e631ca7133035f210878e00711c2c841c564130ddf13e_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "containernetworking-cni: Arbitrary path injection via type field in CNI configuration" } ] }
rhsa-2021_0799
Vulnerability from csaf_redhat
Published
2021-03-10 11:41
Modified
2024-09-18 04:27
Summary
Red Hat Security Advisory: OpenShift Virtualization 2.6.0 security and bug fix update
Notes
Topic
An update is now available for RHEL-8-CNV-2.6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains the following OpenShift Virtualization 2.6.0 images:
RHEL-8-CNV-2.6
==============
kubevirt-cpu-node-labeller-container-v2.6.0-5
kubevirt-cpu-model-nfd-plugin-container-v2.6.0-5
node-maintenance-operator-container-v2.6.0-13
kubevirt-vmware-container-v2.6.0-5
virtio-win-container-v2.6.0-5
kubevirt-kvm-info-nfd-plugin-container-v2.6.0-5
bridge-marker-container-v2.6.0-9
kubevirt-template-validator-container-v2.6.0-9
kubevirt-v2v-conversion-container-v2.6.0-6
kubemacpool-container-v2.6.0-13
kubevirt-ssp-operator-container-v2.6.0-40
hyperconverged-cluster-webhook-container-v2.6.0-73
hyperconverged-cluster-operator-container-v2.6.0-73
ovs-cni-plugin-container-v2.6.0-10
cnv-containernetworking-plugins-container-v2.6.0-10
ovs-cni-marker-container-v2.6.0-10
cluster-network-addons-operator-container-v2.6.0-16
hostpath-provisioner-container-v2.6.0-11
hostpath-provisioner-operator-container-v2.6.0-14
vm-import-virtv2v-container-v2.6.0-21
kubernetes-nmstate-handler-container-v2.6.0-19
vm-import-controller-container-v2.6.0-21
vm-import-operator-container-v2.6.0-21
virt-api-container-v2.6.0-111
virt-controller-container-v2.6.0-111
virt-handler-container-v2.6.0-111
virt-operator-container-v2.6.0-111
virt-launcher-container-v2.6.0-111
cnv-must-gather-container-v2.6.0-54
virt-cdi-importer-container-v2.6.0-24
virt-cdi-cloner-container-v2.6.0-24
virt-cdi-controller-container-v2.6.0-24
virt-cdi-uploadserver-container-v2.6.0-24
virt-cdi-apiserver-container-v2.6.0-24
virt-cdi-uploadproxy-container-v2.6.0-24
virt-cdi-operator-container-v2.6.0-24
hco-bundle-registry-container-v2.6.0-582
Security Fix(es):
* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)
* golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)
* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
* golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)
* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)
* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)
* golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)
* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)
* containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for RHEL-8-CNV-2.6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 2.6.0 images:\n\nRHEL-8-CNV-2.6\n==============\nkubevirt-cpu-node-labeller-container-v2.6.0-5\nkubevirt-cpu-model-nfd-plugin-container-v2.6.0-5\nnode-maintenance-operator-container-v2.6.0-13\nkubevirt-vmware-container-v2.6.0-5\nvirtio-win-container-v2.6.0-5\nkubevirt-kvm-info-nfd-plugin-container-v2.6.0-5\nbridge-marker-container-v2.6.0-9\nkubevirt-template-validator-container-v2.6.0-9\nkubevirt-v2v-conversion-container-v2.6.0-6\nkubemacpool-container-v2.6.0-13\nkubevirt-ssp-operator-container-v2.6.0-40\nhyperconverged-cluster-webhook-container-v2.6.0-73\nhyperconverged-cluster-operator-container-v2.6.0-73\novs-cni-plugin-container-v2.6.0-10\ncnv-containernetworking-plugins-container-v2.6.0-10\novs-cni-marker-container-v2.6.0-10\ncluster-network-addons-operator-container-v2.6.0-16\nhostpath-provisioner-container-v2.6.0-11\nhostpath-provisioner-operator-container-v2.6.0-14\nvm-import-virtv2v-container-v2.6.0-21\nkubernetes-nmstate-handler-container-v2.6.0-19\nvm-import-controller-container-v2.6.0-21\nvm-import-operator-container-v2.6.0-21\nvirt-api-container-v2.6.0-111\nvirt-controller-container-v2.6.0-111\nvirt-handler-container-v2.6.0-111\nvirt-operator-container-v2.6.0-111\nvirt-launcher-container-v2.6.0-111\ncnv-must-gather-container-v2.6.0-54\nvirt-cdi-importer-container-v2.6.0-24\nvirt-cdi-cloner-container-v2.6.0-24\nvirt-cdi-controller-container-v2.6.0-24\nvirt-cdi-uploadserver-container-v2.6.0-24\nvirt-cdi-apiserver-container-v2.6.0-24\nvirt-cdi-uploadproxy-container-v2.6.0-24\nvirt-cdi-operator-container-v2.6.0-24\nhco-bundle-registry-container-v2.6.0-582\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)\n\n* golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\n* golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)\n\n* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)\n\n* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)\n\n* golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)\n\n* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)\n\n* containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:0799", "url": "https://access.redhat.com/errata/RHSA-2021:0799" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1732329", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732329" }, { "category": "external", "summary": "1783192", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783192" }, { "category": "external", "summary": "1791753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791753" }, { "category": "external", "summary": "1804533", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1804533" }, { "category": "external", "summary": "1848954", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848954" }, { "category": "external", "summary": "1848956", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848956" }, { "category": "external", "summary": "1853652", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652" }, { "category": "external", "summary": "1853911", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853911" }, { "category": "external", "summary": "1854098", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1854098" }, { "category": "external", "summary": "1856347", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856347" }, { "category": "external", "summary": "1856953", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856953" }, { "category": "external", "summary": "1859235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1859235" }, { "category": "external", "summary": "1860714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860714" }, { "category": "external", "summary": "1860992", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860992" }, { "category": "external", "summary": "1864577", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1864577" }, { "category": "external", "summary": "1866593", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866593" }, { "category": "external", "summary": "1867099", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1867099" }, { "category": "external", "summary": "1868817", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868817" }, { "category": "external", "summary": "1873771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873771" }, { "category": "external", "summary": "1874812", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1874812" }, { "category": "external", "summary": "1878499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1878499" }, { "category": "external", "summary": "1879108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879108" }, { "category": "external", "summary": "1881874", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881874" }, { "category": "external", "summary": "1883232", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883232" }, { "category": "external", "summary": "1883371", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883371" }, { "category": "external", "summary": "1885153", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885153" }, { "category": "external", "summary": "1885418", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885418" }, { "category": "external", "summary": "1887398", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887398" }, { "category": "external", "summary": "1889295", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889295" }, { "category": "external", "summary": "1891285", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891285" }, { "category": "external", "summary": "1891440", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891440" }, { "category": "external", "summary": "1892227", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892227" }, { "category": "external", "summary": "1893278", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893278" }, { "category": "external", "summary": "1893646", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893646" }, { "category": "external", "summary": "1894428", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894428" }, { "category": "external", "summary": "1894824", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894824" }, { "category": "external", "summary": "1894897", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894897" }, { "category": "external", "summary": "1895414", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895414" }, { "category": "external", "summary": "1897635", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897635" }, { "category": "external", "summary": "1898072", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898072" }, { "category": "external", "summary": "1898840", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898840" }, { "category": "external", "summary": "1899558", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899558" }, { "category": "external", "summary": "1901480", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901480" }, { "category": "external", "summary": "1902046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902046" }, { "category": "external", "summary": "1902111", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902111" }, { "category": "external", "summary": "1903014", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903014" }, { "category": "external", "summary": "1903585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903585" }, { "category": "external", "summary": "1904797", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1904797" }, { "category": "external", "summary": "1906199", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906199" }, { "category": "external", "summary": "1907151", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907151" }, { "category": "external", "summary": "1907352", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907352" }, { "category": "external", "summary": "1907691", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907691" }, { "category": "external", "summary": "1907988", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907988" }, { "category": "external", "summary": "1908363", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908363" }, { "category": "external", "summary": "1908421", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908421" }, { "category": "external", "summary": "1908883", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908883" }, { "category": "external", "summary": "1909458", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909458" }, { "category": "external", "summary": "1910857", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1910857" }, { "category": "external", "summary": "1911118", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911118" }, { "category": "external", "summary": "1911396", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911396" }, { "category": "external", "summary": "1911662", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911662" }, { "category": "external", "summary": "1912908", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912908" }, { "category": "external", "summary": "1913248", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913248" }, { "category": "external", "summary": "1913320", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913320" }, { "category": "external", "summary": "1913717", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913717" }, { "category": "external", "summary": "1913756", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913756" }, { "category": "external", "summary": "1914177", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914177" }, { "category": "external", "summary": "1914608", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914608" }, { "category": "external", "summary": "1914947", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914947" }, { "category": "external", "summary": "1917908", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1917908" }, { "category": "external", "summary": "1917963", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1917963" }, { "category": "external", "summary": "1919391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391" }, { "category": "external", "summary": "1920576", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1920576" }, { "category": "external", "summary": "1920610", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1920610" }, { "category": "external", "summary": "1921650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650" }, { "category": "external", "summary": "1923979", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923979" }, { "category": "external", "summary": "1927373", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927373" }, { "category": "external", "summary": "1931376", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1931376" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_0799.json" } ], "title": "Red Hat Security Advisory: OpenShift Virtualization 2.6.0 security and bug fix update", "tracking": { "current_release_date": "2024-09-18T04:27:31+00:00", "generator": { "date": "2024-09-18T04:27:31+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2021:0799", "initial_release_date": "2021-03-10T11:41:12+00:00", "revision_history": [ { "date": "2021-03-10T11:41:12+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-03-10T11:41:12+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T04:27:31+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "CNV 2.6 for RHEL 8", "product": { "name": "CNV 2.6 for RHEL 8", "product_id": "8Base-CNV-2.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:container_native_virtualization:2.6::el8" } } } ], "category": "product_family", "name": "OpenShift Virtualization" }, { "branches": [ { "category": "product_version", "name": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "product": { "name": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "product_id": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-cpu-model-nfd-plugin\u0026tag=v2.6.0-9" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "product": { "name": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "product_id": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-cpu-node-labeller\u0026tag=v2.6.0-7" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "product": { "name": "container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "product_id": "container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-kvm-info-nfd-plugin\u0026tag=v2.6.0-7" } } }, { "category": "product_version", "name": "container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "product": { "name": "container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "product_id": "container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "product_identification_helper": { "purl": "pkg:oci/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-controller-rhel8\u0026tag=v2.6.0-25" } } }, { "category": "product_version", "name": "container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "product": { "name": "container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "product_id": "container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "product_identification_helper": { "purl": "pkg:oci/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-controller\u0026tag=v2.6.0-25" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64 as a component of CNV 2.6 for RHEL 8", "product_id": "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64" }, "product_reference": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "relates_to_product_reference": "8Base-CNV-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64 as a component of CNV 2.6 for RHEL 8", "product_id": "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64" }, "product_reference": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "relates_to_product_reference": "8Base-CNV-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64 as a component of CNV 2.6 for RHEL 8", "product_id": "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64" }, "product_reference": "container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "relates_to_product_reference": "8Base-CNV-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64 as a component of CNV 2.6 for RHEL 8", "product_id": "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64" }, "product_reference": "container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "relates_to_product_reference": "8Base-CNV-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64 as a component of CNV 2.6 for RHEL 8", "product_id": "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64" }, "product_reference": "container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "relates_to_product_reference": "8Base-CNV-2.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-9283", "cwe": { "id": "CWE-130", "name": "Improper Handling of Length Parameter Inconsistency" }, "discovery_date": "2020-02-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1804533" } ], "notes": [ { "category": "description", "text": "A denial of service vulnerability was found in the SSH package of the golang.org/x/crypto library. An attacker could exploit this flaw by supplying crafted SSH ed25519 keys to cause a crash in applications that use this package as either an SSH client or server.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform uses the vulnerable library in a number of components but strictly as an SSH client. The severity of this vulnerability is reduced for clients as it requires connections to malicious SSH servers, with the maximum impact only a client crash. This vulnerability is rated Low for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9283" }, { "category": "external", "summary": "RHBZ#1804533", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1804533" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9283", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9283" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9283", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9283" }, { "category": "external", "summary": "https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY", "url": "https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY" } ], "release_date": "2020-02-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0799" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic" }, { "cve": "CVE-2020-14040", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2020-06-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853652" } ], "notes": [ { "category": "description", "text": "A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. If an attacker is able to supply specific characters or strings to the vulnerable application, there is the potential to cause an infinite loop to occur using more memory, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash", "title": "Vulnerability summary" }, { "category": "other", "text": "* OpenShift ServiceMesh (OSSM) 1.0 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities. Jaeger was packaged with ServiceMesh in 1.0, and hence is also marked OOSS, but the Jaeger-Operator is a standalone product and is affected by this vulnerability.\n\n* Because Service Telemetry Framework does not directly use unicode.UTF16, no update will be provided at this time for STF\u0027s sg-core-container.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14040" }, { "category": "external", "summary": "RHBZ#1853652", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14040", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14040" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040" }, { "category": "external", "summary": "https://github.com/golang/go/issues/39491", "url": "https://github.com/golang/go/issues/39491" }, { "category": "external", "summary": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0", "url": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0" } ], "release_date": "2020-06-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0799" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash" }, { "cve": "CVE-2020-15586", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)" }, "discovery_date": "2020-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1856953" } ], "notes": [ { "category": "description", "text": "A flaw was found Go\u0027s net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: data race in certain net/http servers including ReverseProxy can lead to DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) components are primarily written in Go, meaning that any component using the net/http package includes the vulnerable code. OCP server endpoints using ReverseProxy are protected by authentication, reducing the severity of this vulnerability to Low for OCP.\n\nSimilar to OCP, OpenShift ServiceMesh (OSSM), RedHat OpenShift Jaeger (RHOSJ) and OpenShift Virtualization are also primarily written in Go and are protected via authentication, reducing the severity of this vulnerability to Low.\n\nRed Hat Gluster Storage 3 and Red Hat Openshift Container Storage 4 components are built with the affected version of Go, however the vulnerable functionality is currently not used by these products and hence this issue has been rated as having a security impact of Low.\n\nRed Hat Ceph Storage 3 and 4 components are built with the affected version of Go, however the vulnerable functionality is currently not used by these products and hence this issue has been rated as having a security impact of Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-15586" }, { "category": "external", "summary": "RHBZ#1856953", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856953" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-15586", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15586" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15586", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15586" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ", "url": "https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ" } ], "release_date": "2020-07-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0799" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: data race in certain net/http servers including ReverseProxy can lead to DoS" }, { "cve": "CVE-2020-16845", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2020-08-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1867099" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Go encoding/binary package. Certain invalid inputs to the ReadUvarint or the ReadVarint causes those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. This flaw possibly leads to processing more input than expected. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM), RedHat OpenShift Jaeger (RHOSJ) and OpenShift Virtualization components are primarily written in Go, meaning that any component using the encoding/binary package includes the vulnerable code. The affected components are behind OpenShift OAuth authentication, therefore the impact is low.\n\nRed Hat Gluster Storage 3, Red Hat OpenShift Container Storage 4 and Red Hat Ceph Storage (3 and 4) components are built with the affected version of Go, however the vulnerable functionality is currently not used by these products and hence this issue has been rated as having a security impact of Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-16845" }, { "category": "external", "summary": "RHBZ#1867099", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1867099" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-16845", "url": "https://www.cve.org/CVERecord?id=CVE-2020-16845" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16845", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16845" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/NyPIaucMgXo", "url": "https://groups.google.com/g/golang-announce/c/NyPIaucMgXo" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0799" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs" }, { "cve": "CVE-2020-26160", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "discovery_date": "2020-09-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1883371" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in jwt-go where it is vulnerable to Access Restriction Bypass if m[\"aud\"] happens to be []string{}, as allowed by the spec, the type assertion fails and the value of aud is \"\". This can cause audience verification to succeed even if the audiences being passed are incorrect if required is set to false.", "title": "Vulnerability description" }, { "category": "summary", "text": "jwt-go: access restriction bypass vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "The github.com/dgrijalva/jwt-go module is an indirect dependency of the k8s.io/client-go module pulled into Quay Bridge, and Setup operators via the Operator\u0027s SDK generated code. The k8s.io/client-go module does not use jwt-go in an unsafe way [1]. Red Hat Quay components have been marked as wontfix. This may be fixed in the future.\n\nSimilar to Quay, multiple OpenShift Container Platform (OCP) containers include jwt-go as a transient dependency due to go-autorest [1]. As such, those containers do not use jwt-go in an unsafe way. They have been marked wontfix at this time and may be fixed in a future update.\n\nSame as Quay and OpenShift Container Platform, components shipped with Red Hat OpenShift Container Storage 4 do not use jwt-go in an unsafe way and hence this issue has been rated as having a security impact of Low. A future update may address this issue.\n\nRed Hat Gluster Storage 3 shipped multi-cloud-object-gateway-cli as a technical preview and is not currently planned to be addressed in future updates, hence the multi-cloud-object-gateway-cli package will not be fixed.\n\n[1] https://github.com/Azure/go-autorest/issues/568#issuecomment-703804062", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-26160" }, { "category": "external", "summary": "RHBZ#1883371", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883371" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-26160", "url": "https://www.cve.org/CVERecord?id=CVE-2020-26160" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26160", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26160" }, { "category": "external", "summary": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515", "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515" } ], "release_date": "2020-09-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0799" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jwt-go: access restriction bypass vulnerability" }, { "cve": "CVE-2020-27813", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-11-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1902111" } ], "notes": [ { "category": "description", "text": "An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker could use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang-github-gorilla-websocket: integer overflow leads to denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-27813" }, { "category": "external", "summary": "RHBZ#1902111", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902111" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-27813", "url": "https://www.cve.org/CVERecord?id=CVE-2020-27813" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27813", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27813" }, { "category": "external", "summary": "https://github.com/gorilla/websocket/security/advisories/GHSA-jf24-p9p9-4rjh", "url": "https://github.com/gorilla/websocket/security/advisories/GHSA-jf24-p9p9-4rjh" } ], "release_date": "2019-08-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0799" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang-github-gorilla-websocket: integer overflow leads to denial of service" }, { "cve": "CVE-2020-28362", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2020-11-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1897635" } ], "notes": [ { "category": "description", "text": "A flaw was found in the math/big package of Go\u0027s standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: math/big: panic during recursive division of very large numbers", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift ServiceMesh (OSSM) 1.1 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support.\nOpenshift Virtualization 1 (formerly Container Native Virtualization) is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities.\n\nRed Hat Gluster Storage 3 shipped multi-cloud-object-gateway-cli and noobaa-operator container as a technical preview and is not currently planned to be addressed in future updates.\n\nOpenShift Container Platform (OCP) 4.5 and earlier are built with Go versions earlier than 1.14, which are not affected by this vulnerability. OCP 4.6 is built with Go 1.15 and is affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-28362" }, { "category": "external", "summary": "RHBZ#1897635", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897635" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28362", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28362" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28362", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28362" } ], "release_date": "2020-11-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0799" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: math/big: panic during recursive division of very large numbers" }, { "cve": "CVE-2020-29652", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2020-12-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1908883" } ], "notes": [ { "category": "description", "text": "A null pointer dereference vulnerability was found in golang. When using the library\u0027s ssh server without specifying an option for GSSAPIWithMICConfig, it is possible for an attacker to craft an ssh client connection using the `gssapi-with-mic` authentication method and cause the server to panic resulting in a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference", "title": "Vulnerability summary" }, { "category": "other", "text": "A large number of products include the affected package, but do not make use of the vulnerable SSH server code. Accordingly, the flaw itself is rated as \"Important\", but these products themselves all have a \"Low\" severity rating.\n\nAdditionally, a number of products include golang.org/x/crypto (or even golang.org/x/crypto/ssh/terminal) but not specifically golang.org/x/crypto/ssh/server.go in the final build. As this would result in a very large number of entries of not affected products, only products which include the ssh server code (golang.org/x/crypto/ssh/server.go) have been represented here. \n\nRed Hat Enterprise Linux 8 container-tools:rhel8/containernetworking-plugins is not affected because although it uses some functionality from golang.org/x/crypto, it does not use or import anything from golang.org/x/crypto/ssh/*.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-29652" }, { "category": "external", "summary": "RHBZ#1908883", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908883" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-29652", "url": "https://www.cve.org/CVERecord?id=CVE-2020-29652" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-29652", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29652" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1", "url": "https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1" } ], "release_date": "2020-12-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0799" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference" }, { "cve": "CVE-2021-3121", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "discovery_date": "2021-01-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1921650" } ], "notes": [ { "category": "description", "text": "A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this vulnerability is to availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM) and Red Hat OpenShift Jaeger (RHOSJ) all include code generated by github.com/gogo/protobuf to parse protobuf messages. However, no component is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate for OCP, OSSM and RHOSJ.\n\nOpenShift Virtualization includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no component of OpenShift Virtualization is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no RHACM component is accepting protobuf messages from unauthenticated sources and are used with a limited scope, hence this vulnerability is rated Moderate for RHACM.\n\nRed Hat Cluster Application Migration (CAM) includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no CAM component is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate for CAM.\n\nCryostat-2 is affected as it does ship gogo/protobuf library with it\u0027s distribution but the only use for Protobuf would be the Kubernetes/OpenShift API server the operator communicates with and it should be authenticated hence it is affected with Moderate impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3121" }, { "category": "external", "summary": "RHBZ#1921650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3121", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3121" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121" } ], "release_date": "2021-01-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0799" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation" }, { "acknowledgments": [ { "names": [ "Casey Callendrello" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2021-20206", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-01-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1919391" } ], "notes": [ { "category": "description", "text": "An improper limitation of path name flaw was found in containernetworking/cni. When specifying the plugin to load in the `type` field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as `reboot`. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "containernetworking-cni: Arbitrary path injection via type field in CNI configuration", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift ServiceMesh (OSSM) does package a vulnerable version of containernetworking/cni, however, the NetworkDefinitionAttachment is defined in code and cannot be easily changed except through a user who has access to the operator namespace such as cluster-admin. As such, for OSSM, the impact is Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-20206" }, { "category": "external", "summary": "RHBZ#1919391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-20206", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20206" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20206", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20206" } ], "release_date": "2021-02-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0799" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "containernetworking-cni: Arbitrary path injection via type field in CNI configuration" } ] }
rhsa-2021_1552
Vulnerability from csaf_redhat
Published
2021-05-19 15:12
Modified
2024-09-18 02:36
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.7.11 security and bug fix update
Notes
Topic
Red Hat OpenShift Container Platform release 4.7.11 is now available with updates to packages and images that fix several bugs.
This release includes a security update for Red Hat OpenShift Container Platform 4.7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.11. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2021:1550
Security Fix(es):
* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
* containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.7.11 is now available with updates to packages and images that fix several bugs.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.11. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1550\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:1552", "url": "https://access.redhat.com/errata/RHSA-2021:1552" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1919391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391" }, { "category": "external", "summary": "1921650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650" }, { "category": "external", "summary": "1940584", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940584" }, { "category": "external", "summary": "1959661", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959661" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_1552.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.7.11 security and bug fix update", "tracking": { "current_release_date": "2024-09-18T02:36:22+00:00", "generator": { "date": "2024-09-18T02:36:22+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2021:1552", "initial_release_date": "2021-05-19T15:12:09+00:00", "revision_history": [ { "date": "2021-05-19T15:12:09+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-05-19T15:12:09+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T02:36:22+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.7", "product": { "name": "Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.7::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "openshift4/ose-sriov-infiniband-cni@sha256:bdef404b5688db92b2e95f564190677f391b47c31b2edf088220599e9b8951d3_amd64", "product": { "name": "openshift4/ose-sriov-infiniband-cni@sha256:bdef404b5688db92b2e95f564190677f391b47c31b2edf088220599e9b8951d3_amd64", "product_id": "openshift4/ose-sriov-infiniband-cni@sha256:bdef404b5688db92b2e95f564190677f391b47c31b2edf088220599e9b8951d3_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-infiniband-cni@sha256:bdef404b5688db92b2e95f564190677f391b47c31b2edf088220599e9b8951d3?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-infiniband-cni\u0026tag=v4.7.0-202104281843.p0" } } }, { "category": "product_version", "name": "openshift4/ose-ansible-operator@sha256:494273ae3456a8e7d2ce93be8c8d1440a9a8bdf9d7546d871c2335088dd1bf2c_amd64", "product": { "name": "openshift4/ose-ansible-operator@sha256:494273ae3456a8e7d2ce93be8c8d1440a9a8bdf9d7546d871c2335088dd1bf2c_amd64", "product_id": "openshift4/ose-ansible-operator@sha256:494273ae3456a8e7d2ce93be8c8d1440a9a8bdf9d7546d871c2335088dd1bf2c_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-ansible-operator@sha256:494273ae3456a8e7d2ce93be8c8d1440a9a8bdf9d7546d871c2335088dd1bf2c?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-ansible-operator\u0026tag=v4.7.0-202105060839.p0" } } }, { "category": "product_version", "name": "openshift4/ose-service-idler-rhel8@sha256:d46c5b885983b845795aa6821bb35c841d44024d8c9f4a99e92fa3c670072ddc_amd64", "product": { "name": "openshift4/ose-service-idler-rhel8@sha256:d46c5b885983b845795aa6821bb35c841d44024d8c9f4a99e92fa3c670072ddc_amd64", "product_id": "openshift4/ose-service-idler-rhel8@sha256:d46c5b885983b845795aa6821bb35c841d44024d8c9f4a99e92fa3c670072ddc_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-service-idler-rhel8@sha256:d46c5b885983b845795aa6821bb35c841d44024d8c9f4a99e92fa3c670072ddc?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-service-idler-rhel8\u0026tag=v4.7.0-202105111940.p0" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:5055d03f47ac092798911c848d46f2b7e7357189f2e3967fc6ed376b04bf6e3a_amd64", "product": { "name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:5055d03f47ac092798911c848d46f2b7e7357189f2e3967fc6ed376b04bf6e3a_amd64", "product_id": "openshift4/ose-cluster-kube-descheduler-operator@sha256:5055d03f47ac092798911c848d46f2b7e7357189f2e3967fc6ed376b04bf6e3a_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-kube-descheduler-operator@sha256:5055d03f47ac092798911c848d46f2b7e7357189f2e3967fc6ed376b04bf6e3a?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-kube-descheduler-operator\u0026tag=v4.7.0-202105061841.p0" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:5055d03f47ac092798911c848d46f2b7e7357189f2e3967fc6ed376b04bf6e3a_amd64", "product": { "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:5055d03f47ac092798911c848d46f2b7e7357189f2e3967fc6ed376b04bf6e3a_amd64", "product_id": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:5055d03f47ac092798911c848d46f2b7e7357189f2e3967fc6ed376b04bf6e3a_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-kube-descheduler-rhel8-operator@sha256:5055d03f47ac092798911c848d46f2b7e7357189f2e3967fc6ed376b04bf6e3a?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-kube-descheduler-rhel8-operator\u0026tag=v4.7.0-202105061841.p0" } } }, { "category": "product_version", "name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:b3437a45b0ec5605fe1c1d7b4d34265080e53a1ddecf6fc2f6dd332db2538494_amd64", "product": { "name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:b3437a45b0ec5605fe1c1d7b4d34265080e53a1ddecf6fc2f6dd332db2538494_amd64", "product_id": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:b3437a45b0ec5605fe1c1d7b4d34265080e53a1ddecf6fc2f6dd332db2538494_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-clusterresourceoverride-rhel8-operator@sha256:b3437a45b0ec5605fe1c1d7b4d34265080e53a1ddecf6fc2f6dd332db2538494?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8-operator\u0026tag=v4.7.0-202105062015.p0" } } }, { "category": "product_version", "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:63bff9b5506263394129b06c3eb7573fc7bc66bd888d46997adde8a0175c9347_amd64", "product": { "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:63bff9b5506263394129b06c3eb7573fc7bc66bd888d46997adde8a0175c9347_amd64", "product_id": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:63bff9b5506263394129b06c3eb7573fc7bc66bd888d46997adde8a0175c9347_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-jenkins-agent-nodejs-10-rhel8@sha256:63bff9b5506263394129b06c3eb7573fc7bc66bd888d46997adde8a0175c9347?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-jenkins-agent-nodejs-10-rhel8\u0026tag=v4.7.0-202105062344.p0" } } }, { "category": "product_version", "name": "openshift4/ose-metering-ansible-operator@sha256:b89eb8aec001750b36228529157da1715459621250d806d7d4eabaa6829b9c9e_amd64", "product": { "name": "openshift4/ose-metering-ansible-operator@sha256:b89eb8aec001750b36228529157da1715459621250d806d7d4eabaa6829b9c9e_amd64", "product_id": "openshift4/ose-metering-ansible-operator@sha256:b89eb8aec001750b36228529157da1715459621250d806d7d4eabaa6829b9c9e_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-metering-ansible-operator@sha256:b89eb8aec001750b36228529157da1715459621250d806d7d4eabaa6829b9c9e?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-metering-ansible-operator\u0026tag=v4.7.0-202105060839.p0" } } }, { "category": "product_version", "name": "openshift4/ose-metering-reporting-operator@sha256:b37c5bb1f849975639fca545ad040ef1cb97691436189338592014ded6f66242_amd64", "product": { "name": "openshift4/ose-metering-reporting-operator@sha256:b37c5bb1f849975639fca545ad040ef1cb97691436189338592014ded6f66242_amd64", "product_id": "openshift4/ose-metering-reporting-operator@sha256:b37c5bb1f849975639fca545ad040ef1cb97691436189338592014ded6f66242_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-metering-reporting-operator@sha256:b37c5bb1f849975639fca545ad040ef1cb97691436189338592014ded6f66242?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-metering-reporting-operator\u0026tag=v4.7.0-202104280847.p0" } } }, { "category": "product_version", "name": "openshift4/network-tools-rhel8@sha256:9e302c5584f6180f79b09882948c30a6b3b265ac3b44f7806b2c6ddee41fd584_amd64", "product": { "name": "openshift4/network-tools-rhel8@sha256:9e302c5584f6180f79b09882948c30a6b3b265ac3b44f7806b2c6ddee41fd584_amd64", "product_id": "openshift4/network-tools-rhel8@sha256:9e302c5584f6180f79b09882948c30a6b3b265ac3b44f7806b2c6ddee41fd584_amd64", "product_identification_helper": { "purl": "pkg:oci/network-tools-rhel8@sha256:9e302c5584f6180f79b09882948c30a6b3b265ac3b44f7806b2c6ddee41fd584?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/network-tools-rhel8\u0026tag=v4.7.0-202105071917.p0" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-dp-admission-controller@sha256:332b1a7d738d6eb12d44ab2703678740b14b9985dd6ade80176c827b694e821a_amd64", "product": { "name": "openshift4/ose-sriov-dp-admission-controller@sha256:332b1a7d738d6eb12d44ab2703678740b14b9985dd6ade80176c827b694e821a_amd64", "product_id": "openshift4/ose-sriov-dp-admission-controller@sha256:332b1a7d738d6eb12d44ab2703678740b14b9985dd6ade80176c827b694e821a_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-dp-admission-controller@sha256:332b1a7d738d6eb12d44ab2703678740b14b9985dd6ade80176c827b694e821a?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-dp-admission-controller\u0026tag=v4.7.0-202104292239.p0" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-operator@sha256:eabf7c557362188d0067db3a34a646c52efc337f831abdd3c1b679cef24a0c39_amd64", "product": { "name": "openshift4/ose-sriov-network-operator@sha256:eabf7c557362188d0067db3a34a646c52efc337f831abdd3c1b679cef24a0c39_amd64", "product_id": "openshift4/ose-sriov-network-operator@sha256:eabf7c557362188d0067db3a34a646c52efc337f831abdd3c1b679cef24a0c39_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-network-operator@sha256:eabf7c557362188d0067db3a34a646c52efc337f831abdd3c1b679cef24a0c39?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-operator\u0026tag=v4.7.0-202104292239.p0" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "openshift4/ose-sriov-infiniband-cni@sha256:6664164671dec207c7ffb6da5dadb90880071e8821f4606e00eadcc5e59f76cb_ppc64le", "product": { "name": "openshift4/ose-sriov-infiniband-cni@sha256:6664164671dec207c7ffb6da5dadb90880071e8821f4606e00eadcc5e59f76cb_ppc64le", "product_id": "openshift4/ose-sriov-infiniband-cni@sha256:6664164671dec207c7ffb6da5dadb90880071e8821f4606e00eadcc5e59f76cb_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-infiniband-cni@sha256:6664164671dec207c7ffb6da5dadb90880071e8821f4606e00eadcc5e59f76cb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-infiniband-cni\u0026tag=v4.7.0-202104281843.p0" } } }, { "category": "product_version", "name": "openshift4/ose-ansible-operator@sha256:4e0ca4dec7a611b80530a6c5929e4bef71b3e2f137f70b9e7f14da2c2668b8ea_ppc64le", "product": { "name": "openshift4/ose-ansible-operator@sha256:4e0ca4dec7a611b80530a6c5929e4bef71b3e2f137f70b9e7f14da2c2668b8ea_ppc64le", "product_id": "openshift4/ose-ansible-operator@sha256:4e0ca4dec7a611b80530a6c5929e4bef71b3e2f137f70b9e7f14da2c2668b8ea_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-ansible-operator@sha256:4e0ca4dec7a611b80530a6c5929e4bef71b3e2f137f70b9e7f14da2c2668b8ea?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-ansible-operator\u0026tag=v4.7.0-202105060839.p0" } } }, { "category": "product_version", "name": "openshift4/ose-service-idler-rhel8@sha256:d59728003550000f3f26437009bb29bc3d310d7b2c941d9a043063436b5a37e9_ppc64le", "product": { "name": "openshift4/ose-service-idler-rhel8@sha256:d59728003550000f3f26437009bb29bc3d310d7b2c941d9a043063436b5a37e9_ppc64le", "product_id": "openshift4/ose-service-idler-rhel8@sha256:d59728003550000f3f26437009bb29bc3d310d7b2c941d9a043063436b5a37e9_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-service-idler-rhel8@sha256:d59728003550000f3f26437009bb29bc3d310d7b2c941d9a043063436b5a37e9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-service-idler-rhel8\u0026tag=v4.7.0-202105111940.p0" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:3806a0ad25af8571f4ab0bd7208ea0de6b4c6eff3e566d28f128ad4e35c47d45_ppc64le", "product": { "name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:3806a0ad25af8571f4ab0bd7208ea0de6b4c6eff3e566d28f128ad4e35c47d45_ppc64le", "product_id": "openshift4/ose-cluster-kube-descheduler-operator@sha256:3806a0ad25af8571f4ab0bd7208ea0de6b4c6eff3e566d28f128ad4e35c47d45_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-kube-descheduler-operator@sha256:3806a0ad25af8571f4ab0bd7208ea0de6b4c6eff3e566d28f128ad4e35c47d45?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-kube-descheduler-operator\u0026tag=v4.7.0-202105061841.p0" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:3806a0ad25af8571f4ab0bd7208ea0de6b4c6eff3e566d28f128ad4e35c47d45_ppc64le", "product": { "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:3806a0ad25af8571f4ab0bd7208ea0de6b4c6eff3e566d28f128ad4e35c47d45_ppc64le", "product_id": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:3806a0ad25af8571f4ab0bd7208ea0de6b4c6eff3e566d28f128ad4e35c47d45_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-kube-descheduler-rhel8-operator@sha256:3806a0ad25af8571f4ab0bd7208ea0de6b4c6eff3e566d28f128ad4e35c47d45?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-kube-descheduler-rhel8-operator\u0026tag=v4.7.0-202105061841.p0" } } }, { "category": "product_version", "name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:3aaf6fcbb2ecdf130a2f3d13cfadb4a631019690b85a1f5eb42d341f2c2e8035_ppc64le", "product": { "name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:3aaf6fcbb2ecdf130a2f3d13cfadb4a631019690b85a1f5eb42d341f2c2e8035_ppc64le", "product_id": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:3aaf6fcbb2ecdf130a2f3d13cfadb4a631019690b85a1f5eb42d341f2c2e8035_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-clusterresourceoverride-rhel8-operator@sha256:3aaf6fcbb2ecdf130a2f3d13cfadb4a631019690b85a1f5eb42d341f2c2e8035?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8-operator\u0026tag=v4.7.0-202105062015.p0" } } }, { "category": "product_version", "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:801e85ba7ac106109c823fcbb12c2ee9ca5e356ca3692aef9230b4d949eaadd4_ppc64le", "product": { "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:801e85ba7ac106109c823fcbb12c2ee9ca5e356ca3692aef9230b4d949eaadd4_ppc64le", "product_id": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:801e85ba7ac106109c823fcbb12c2ee9ca5e356ca3692aef9230b4d949eaadd4_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-jenkins-agent-nodejs-10-rhel8@sha256:801e85ba7ac106109c823fcbb12c2ee9ca5e356ca3692aef9230b4d949eaadd4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-jenkins-agent-nodejs-10-rhel8\u0026tag=v4.7.0-202105062344.p0" } } }, { "category": "product_version", "name": "openshift4/network-tools-rhel8@sha256:f231fc58fbaab9b6bc5f5f58d793f8fbb181eb07821ac75663ff1bf2dc72b318_ppc64le", "product": { "name": "openshift4/network-tools-rhel8@sha256:f231fc58fbaab9b6bc5f5f58d793f8fbb181eb07821ac75663ff1bf2dc72b318_ppc64le", "product_id": "openshift4/network-tools-rhel8@sha256:f231fc58fbaab9b6bc5f5f58d793f8fbb181eb07821ac75663ff1bf2dc72b318_ppc64le", "product_identification_helper": { "purl": "pkg:oci/network-tools-rhel8@sha256:f231fc58fbaab9b6bc5f5f58d793f8fbb181eb07821ac75663ff1bf2dc72b318?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/network-tools-rhel8\u0026tag=v4.7.0-202105071917.p0" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-dp-admission-controller@sha256:7abbcf7c0275b08d5b00178da0b58a87bc9ce493fb9b115be521d8037de9c343_ppc64le", "product": { "name": "openshift4/ose-sriov-dp-admission-controller@sha256:7abbcf7c0275b08d5b00178da0b58a87bc9ce493fb9b115be521d8037de9c343_ppc64le", "product_id": "openshift4/ose-sriov-dp-admission-controller@sha256:7abbcf7c0275b08d5b00178da0b58a87bc9ce493fb9b115be521d8037de9c343_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-dp-admission-controller@sha256:7abbcf7c0275b08d5b00178da0b58a87bc9ce493fb9b115be521d8037de9c343?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-dp-admission-controller\u0026tag=v4.7.0-202104292239.p0" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-operator@sha256:7ce3db75dbc8c1a912ae7c40c09596ff0d80b8c896b475a230e5cd1f1ff3d6fa_ppc64le", "product": { "name": "openshift4/ose-sriov-network-operator@sha256:7ce3db75dbc8c1a912ae7c40c09596ff0d80b8c896b475a230e5cd1f1ff3d6fa_ppc64le", "product_id": "openshift4/ose-sriov-network-operator@sha256:7ce3db75dbc8c1a912ae7c40c09596ff0d80b8c896b475a230e5cd1f1ff3d6fa_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-network-operator@sha256:7ce3db75dbc8c1a912ae7c40c09596ff0d80b8c896b475a230e5cd1f1ff3d6fa?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-operator\u0026tag=v4.7.0-202104292239.p0" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "openshift4/ose-sriov-infiniband-cni@sha256:dde1aa450590a1172a39cfe9d829b1380192291070716d1f195fbe36d7585846_s390x", "product": { "name": "openshift4/ose-sriov-infiniband-cni@sha256:dde1aa450590a1172a39cfe9d829b1380192291070716d1f195fbe36d7585846_s390x", "product_id": "openshift4/ose-sriov-infiniband-cni@sha256:dde1aa450590a1172a39cfe9d829b1380192291070716d1f195fbe36d7585846_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-infiniband-cni@sha256:dde1aa450590a1172a39cfe9d829b1380192291070716d1f195fbe36d7585846?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-infiniband-cni\u0026tag=v4.7.0-202104281843.p0" } } }, { "category": "product_version", "name": "openshift4/ose-ansible-operator@sha256:ad7db49784e4d0cd586d693f8b2405cc6445ae81817d37ce0b42434214a5c3e8_s390x", "product": { "name": "openshift4/ose-ansible-operator@sha256:ad7db49784e4d0cd586d693f8b2405cc6445ae81817d37ce0b42434214a5c3e8_s390x", "product_id": "openshift4/ose-ansible-operator@sha256:ad7db49784e4d0cd586d693f8b2405cc6445ae81817d37ce0b42434214a5c3e8_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-ansible-operator@sha256:ad7db49784e4d0cd586d693f8b2405cc6445ae81817d37ce0b42434214a5c3e8?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-ansible-operator\u0026tag=v4.7.0-202105060839.p0" } } }, { "category": "product_version", "name": "openshift4/ose-service-idler-rhel8@sha256:ec6dceaba1eab71574ddf07223a14dec7ff9b395b94d6bd369a4dfa555226c56_s390x", "product": { "name": "openshift4/ose-service-idler-rhel8@sha256:ec6dceaba1eab71574ddf07223a14dec7ff9b395b94d6bd369a4dfa555226c56_s390x", "product_id": "openshift4/ose-service-idler-rhel8@sha256:ec6dceaba1eab71574ddf07223a14dec7ff9b395b94d6bd369a4dfa555226c56_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-service-idler-rhel8@sha256:ec6dceaba1eab71574ddf07223a14dec7ff9b395b94d6bd369a4dfa555226c56?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-service-idler-rhel8\u0026tag=v4.7.0-202105111940.p0" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:73a306cddd631824702992ea885c721076e7b2fbe646d4518c93874ca81f5088_s390x", "product": { "name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:73a306cddd631824702992ea885c721076e7b2fbe646d4518c93874ca81f5088_s390x", "product_id": "openshift4/ose-cluster-kube-descheduler-operator@sha256:73a306cddd631824702992ea885c721076e7b2fbe646d4518c93874ca81f5088_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-kube-descheduler-operator@sha256:73a306cddd631824702992ea885c721076e7b2fbe646d4518c93874ca81f5088?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-kube-descheduler-operator\u0026tag=v4.7.0-202105061841.p0" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:73a306cddd631824702992ea885c721076e7b2fbe646d4518c93874ca81f5088_s390x", "product": { "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:73a306cddd631824702992ea885c721076e7b2fbe646d4518c93874ca81f5088_s390x", "product_id": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:73a306cddd631824702992ea885c721076e7b2fbe646d4518c93874ca81f5088_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-kube-descheduler-rhel8-operator@sha256:73a306cddd631824702992ea885c721076e7b2fbe646d4518c93874ca81f5088?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-kube-descheduler-rhel8-operator\u0026tag=v4.7.0-202105061841.p0" } } }, { "category": "product_version", "name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:bde942168e9e5cc636108ecfef23774b4eda331939abec7bb6ed58882939fb29_s390x", "product": { "name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:bde942168e9e5cc636108ecfef23774b4eda331939abec7bb6ed58882939fb29_s390x", "product_id": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:bde942168e9e5cc636108ecfef23774b4eda331939abec7bb6ed58882939fb29_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-clusterresourceoverride-rhel8-operator@sha256:bde942168e9e5cc636108ecfef23774b4eda331939abec7bb6ed58882939fb29?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8-operator\u0026tag=v4.7.0-202105062015.p0" } } }, { "category": "product_version", "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:eb3b70cf52702e45304d92e029ce8dc7ffeb2c52c149581a81b44461bf05eca0_s390x", "product": { "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:eb3b70cf52702e45304d92e029ce8dc7ffeb2c52c149581a81b44461bf05eca0_s390x", "product_id": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:eb3b70cf52702e45304d92e029ce8dc7ffeb2c52c149581a81b44461bf05eca0_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-jenkins-agent-nodejs-10-rhel8@sha256:eb3b70cf52702e45304d92e029ce8dc7ffeb2c52c149581a81b44461bf05eca0?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-jenkins-agent-nodejs-10-rhel8\u0026tag=v4.7.0-202105062344.p0" } } }, { "category": "product_version", "name": "openshift4/network-tools-rhel8@sha256:f6622348f93737db720e66f708118878ae4e919ecab9329ec71f83c9ca59996b_s390x", "product": { "name": "openshift4/network-tools-rhel8@sha256:f6622348f93737db720e66f708118878ae4e919ecab9329ec71f83c9ca59996b_s390x", "product_id": "openshift4/network-tools-rhel8@sha256:f6622348f93737db720e66f708118878ae4e919ecab9329ec71f83c9ca59996b_s390x", "product_identification_helper": { "purl": "pkg:oci/network-tools-rhel8@sha256:f6622348f93737db720e66f708118878ae4e919ecab9329ec71f83c9ca59996b?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/network-tools-rhel8\u0026tag=v4.7.0-202105071917.p0" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-dp-admission-controller@sha256:0c50e715c62b5ec483dd0c6acbade593475573d246edc9d2a762f57ef3845d9a_s390x", "product": { "name": "openshift4/ose-sriov-dp-admission-controller@sha256:0c50e715c62b5ec483dd0c6acbade593475573d246edc9d2a762f57ef3845d9a_s390x", "product_id": "openshift4/ose-sriov-dp-admission-controller@sha256:0c50e715c62b5ec483dd0c6acbade593475573d246edc9d2a762f57ef3845d9a_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-dp-admission-controller@sha256:0c50e715c62b5ec483dd0c6acbade593475573d246edc9d2a762f57ef3845d9a?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-dp-admission-controller\u0026tag=v4.7.0-202104292239.p0" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-operator@sha256:33e40f5366b349e44885b40dfb1b0e3e625b5a2adb37de719fb11dac2ec62fc0_s390x", "product": { "name": "openshift4/ose-sriov-network-operator@sha256:33e40f5366b349e44885b40dfb1b0e3e625b5a2adb37de719fb11dac2ec62fc0_s390x", "product_id": "openshift4/ose-sriov-network-operator@sha256:33e40f5366b349e44885b40dfb1b0e3e625b5a2adb37de719fb11dac2ec62fc0_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-network-operator@sha256:33e40f5366b349e44885b40dfb1b0e3e625b5a2adb37de719fb11dac2ec62fc0?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-operator\u0026tag=v4.7.0-202104292239.p0" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift4/network-tools-rhel8@sha256:9e302c5584f6180f79b09882948c30a6b3b265ac3b44f7806b2c6ddee41fd584_amd64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/network-tools-rhel8@sha256:9e302c5584f6180f79b09882948c30a6b3b265ac3b44f7806b2c6ddee41fd584_amd64" }, "product_reference": "openshift4/network-tools-rhel8@sha256:9e302c5584f6180f79b09882948c30a6b3b265ac3b44f7806b2c6ddee41fd584_amd64", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/network-tools-rhel8@sha256:f231fc58fbaab9b6bc5f5f58d793f8fbb181eb07821ac75663ff1bf2dc72b318_ppc64le as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/network-tools-rhel8@sha256:f231fc58fbaab9b6bc5f5f58d793f8fbb181eb07821ac75663ff1bf2dc72b318_ppc64le" }, "product_reference": "openshift4/network-tools-rhel8@sha256:f231fc58fbaab9b6bc5f5f58d793f8fbb181eb07821ac75663ff1bf2dc72b318_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/network-tools-rhel8@sha256:f6622348f93737db720e66f708118878ae4e919ecab9329ec71f83c9ca59996b_s390x as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/network-tools-rhel8@sha256:f6622348f93737db720e66f708118878ae4e919ecab9329ec71f83c9ca59996b_s390x" }, "product_reference": "openshift4/network-tools-rhel8@sha256:f6622348f93737db720e66f708118878ae4e919ecab9329ec71f83c9ca59996b_s390x", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ansible-operator@sha256:494273ae3456a8e7d2ce93be8c8d1440a9a8bdf9d7546d871c2335088dd1bf2c_amd64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-ansible-operator@sha256:494273ae3456a8e7d2ce93be8c8d1440a9a8bdf9d7546d871c2335088dd1bf2c_amd64" }, "product_reference": "openshift4/ose-ansible-operator@sha256:494273ae3456a8e7d2ce93be8c8d1440a9a8bdf9d7546d871c2335088dd1bf2c_amd64", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ansible-operator@sha256:4e0ca4dec7a611b80530a6c5929e4bef71b3e2f137f70b9e7f14da2c2668b8ea_ppc64le as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-ansible-operator@sha256:4e0ca4dec7a611b80530a6c5929e4bef71b3e2f137f70b9e7f14da2c2668b8ea_ppc64le" }, "product_reference": "openshift4/ose-ansible-operator@sha256:4e0ca4dec7a611b80530a6c5929e4bef71b3e2f137f70b9e7f14da2c2668b8ea_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ansible-operator@sha256:ad7db49784e4d0cd586d693f8b2405cc6445ae81817d37ce0b42434214a5c3e8_s390x as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-ansible-operator@sha256:ad7db49784e4d0cd586d693f8b2405cc6445ae81817d37ce0b42434214a5c3e8_s390x" }, "product_reference": "openshift4/ose-ansible-operator@sha256:ad7db49784e4d0cd586d693f8b2405cc6445ae81817d37ce0b42434214a5c3e8_s390x", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:3806a0ad25af8571f4ab0bd7208ea0de6b4c6eff3e566d28f128ad4e35c47d45_ppc64le as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-operator@sha256:3806a0ad25af8571f4ab0bd7208ea0de6b4c6eff3e566d28f128ad4e35c47d45_ppc64le" }, "product_reference": "openshift4/ose-cluster-kube-descheduler-operator@sha256:3806a0ad25af8571f4ab0bd7208ea0de6b4c6eff3e566d28f128ad4e35c47d45_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:5055d03f47ac092798911c848d46f2b7e7357189f2e3967fc6ed376b04bf6e3a_amd64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-operator@sha256:5055d03f47ac092798911c848d46f2b7e7357189f2e3967fc6ed376b04bf6e3a_amd64" }, "product_reference": "openshift4/ose-cluster-kube-descheduler-operator@sha256:5055d03f47ac092798911c848d46f2b7e7357189f2e3967fc6ed376b04bf6e3a_amd64", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:73a306cddd631824702992ea885c721076e7b2fbe646d4518c93874ca81f5088_s390x as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-operator@sha256:73a306cddd631824702992ea885c721076e7b2fbe646d4518c93874ca81f5088_s390x" }, "product_reference": "openshift4/ose-cluster-kube-descheduler-operator@sha256:73a306cddd631824702992ea885c721076e7b2fbe646d4518c93874ca81f5088_s390x", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:3806a0ad25af8571f4ab0bd7208ea0de6b4c6eff3e566d28f128ad4e35c47d45_ppc64le as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:3806a0ad25af8571f4ab0bd7208ea0de6b4c6eff3e566d28f128ad4e35c47d45_ppc64le" }, "product_reference": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:3806a0ad25af8571f4ab0bd7208ea0de6b4c6eff3e566d28f128ad4e35c47d45_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:5055d03f47ac092798911c848d46f2b7e7357189f2e3967fc6ed376b04bf6e3a_amd64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:5055d03f47ac092798911c848d46f2b7e7357189f2e3967fc6ed376b04bf6e3a_amd64" }, "product_reference": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:5055d03f47ac092798911c848d46f2b7e7357189f2e3967fc6ed376b04bf6e3a_amd64", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:73a306cddd631824702992ea885c721076e7b2fbe646d4518c93874ca81f5088_s390x as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:73a306cddd631824702992ea885c721076e7b2fbe646d4518c93874ca81f5088_s390x" }, "product_reference": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:73a306cddd631824702992ea885c721076e7b2fbe646d4518c93874ca81f5088_s390x", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:3aaf6fcbb2ecdf130a2f3d13cfadb4a631019690b85a1f5eb42d341f2c2e8035_ppc64le as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:3aaf6fcbb2ecdf130a2f3d13cfadb4a631019690b85a1f5eb42d341f2c2e8035_ppc64le" }, "product_reference": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:3aaf6fcbb2ecdf130a2f3d13cfadb4a631019690b85a1f5eb42d341f2c2e8035_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:b3437a45b0ec5605fe1c1d7b4d34265080e53a1ddecf6fc2f6dd332db2538494_amd64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:b3437a45b0ec5605fe1c1d7b4d34265080e53a1ddecf6fc2f6dd332db2538494_amd64" }, "product_reference": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:b3437a45b0ec5605fe1c1d7b4d34265080e53a1ddecf6fc2f6dd332db2538494_amd64", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:bde942168e9e5cc636108ecfef23774b4eda331939abec7bb6ed58882939fb29_s390x as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:bde942168e9e5cc636108ecfef23774b4eda331939abec7bb6ed58882939fb29_s390x" }, "product_reference": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:bde942168e9e5cc636108ecfef23774b4eda331939abec7bb6ed58882939fb29_s390x", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:63bff9b5506263394129b06c3eb7573fc7bc66bd888d46997adde8a0175c9347_amd64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:63bff9b5506263394129b06c3eb7573fc7bc66bd888d46997adde8a0175c9347_amd64" }, "product_reference": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:63bff9b5506263394129b06c3eb7573fc7bc66bd888d46997adde8a0175c9347_amd64", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:801e85ba7ac106109c823fcbb12c2ee9ca5e356ca3692aef9230b4d949eaadd4_ppc64le as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:801e85ba7ac106109c823fcbb12c2ee9ca5e356ca3692aef9230b4d949eaadd4_ppc64le" }, "product_reference": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:801e85ba7ac106109c823fcbb12c2ee9ca5e356ca3692aef9230b4d949eaadd4_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:eb3b70cf52702e45304d92e029ce8dc7ffeb2c52c149581a81b44461bf05eca0_s390x as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:eb3b70cf52702e45304d92e029ce8dc7ffeb2c52c149581a81b44461bf05eca0_s390x" }, "product_reference": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:eb3b70cf52702e45304d92e029ce8dc7ffeb2c52c149581a81b44461bf05eca0_s390x", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-ansible-operator@sha256:b89eb8aec001750b36228529157da1715459621250d806d7d4eabaa6829b9c9e_amd64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator@sha256:b89eb8aec001750b36228529157da1715459621250d806d7d4eabaa6829b9c9e_amd64" }, "product_reference": "openshift4/ose-metering-ansible-operator@sha256:b89eb8aec001750b36228529157da1715459621250d806d7d4eabaa6829b9c9e_amd64", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-reporting-operator@sha256:b37c5bb1f849975639fca545ad040ef1cb97691436189338592014ded6f66242_amd64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-metering-reporting-operator@sha256:b37c5bb1f849975639fca545ad040ef1cb97691436189338592014ded6f66242_amd64" }, "product_reference": "openshift4/ose-metering-reporting-operator@sha256:b37c5bb1f849975639fca545ad040ef1cb97691436189338592014ded6f66242_amd64", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-service-idler-rhel8@sha256:d46c5b885983b845795aa6821bb35c841d44024d8c9f4a99e92fa3c670072ddc_amd64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-service-idler-rhel8@sha256:d46c5b885983b845795aa6821bb35c841d44024d8c9f4a99e92fa3c670072ddc_amd64" }, "product_reference": "openshift4/ose-service-idler-rhel8@sha256:d46c5b885983b845795aa6821bb35c841d44024d8c9f4a99e92fa3c670072ddc_amd64", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-service-idler-rhel8@sha256:d59728003550000f3f26437009bb29bc3d310d7b2c941d9a043063436b5a37e9_ppc64le as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-service-idler-rhel8@sha256:d59728003550000f3f26437009bb29bc3d310d7b2c941d9a043063436b5a37e9_ppc64le" }, "product_reference": "openshift4/ose-service-idler-rhel8@sha256:d59728003550000f3f26437009bb29bc3d310d7b2c941d9a043063436b5a37e9_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-service-idler-rhel8@sha256:ec6dceaba1eab71574ddf07223a14dec7ff9b395b94d6bd369a4dfa555226c56_s390x as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-service-idler-rhel8@sha256:ec6dceaba1eab71574ddf07223a14dec7ff9b395b94d6bd369a4dfa555226c56_s390x" }, "product_reference": "openshift4/ose-service-idler-rhel8@sha256:ec6dceaba1eab71574ddf07223a14dec7ff9b395b94d6bd369a4dfa555226c56_s390x", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-dp-admission-controller@sha256:0c50e715c62b5ec483dd0c6acbade593475573d246edc9d2a762f57ef3845d9a_s390x as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-sriov-dp-admission-controller@sha256:0c50e715c62b5ec483dd0c6acbade593475573d246edc9d2a762f57ef3845d9a_s390x" }, "product_reference": "openshift4/ose-sriov-dp-admission-controller@sha256:0c50e715c62b5ec483dd0c6acbade593475573d246edc9d2a762f57ef3845d9a_s390x", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-dp-admission-controller@sha256:332b1a7d738d6eb12d44ab2703678740b14b9985dd6ade80176c827b694e821a_amd64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-sriov-dp-admission-controller@sha256:332b1a7d738d6eb12d44ab2703678740b14b9985dd6ade80176c827b694e821a_amd64" }, "product_reference": "openshift4/ose-sriov-dp-admission-controller@sha256:332b1a7d738d6eb12d44ab2703678740b14b9985dd6ade80176c827b694e821a_amd64", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-dp-admission-controller@sha256:7abbcf7c0275b08d5b00178da0b58a87bc9ce493fb9b115be521d8037de9c343_ppc64le as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-sriov-dp-admission-controller@sha256:7abbcf7c0275b08d5b00178da0b58a87bc9ce493fb9b115be521d8037de9c343_ppc64le" }, "product_reference": "openshift4/ose-sriov-dp-admission-controller@sha256:7abbcf7c0275b08d5b00178da0b58a87bc9ce493fb9b115be521d8037de9c343_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-infiniband-cni@sha256:6664164671dec207c7ffb6da5dadb90880071e8821f4606e00eadcc5e59f76cb_ppc64le as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-sriov-infiniband-cni@sha256:6664164671dec207c7ffb6da5dadb90880071e8821f4606e00eadcc5e59f76cb_ppc64le" }, "product_reference": "openshift4/ose-sriov-infiniband-cni@sha256:6664164671dec207c7ffb6da5dadb90880071e8821f4606e00eadcc5e59f76cb_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-infiniband-cni@sha256:bdef404b5688db92b2e95f564190677f391b47c31b2edf088220599e9b8951d3_amd64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-sriov-infiniband-cni@sha256:bdef404b5688db92b2e95f564190677f391b47c31b2edf088220599e9b8951d3_amd64" }, "product_reference": "openshift4/ose-sriov-infiniband-cni@sha256:bdef404b5688db92b2e95f564190677f391b47c31b2edf088220599e9b8951d3_amd64", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-infiniband-cni@sha256:dde1aa450590a1172a39cfe9d829b1380192291070716d1f195fbe36d7585846_s390x as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-sriov-infiniband-cni@sha256:dde1aa450590a1172a39cfe9d829b1380192291070716d1f195fbe36d7585846_s390x" }, "product_reference": "openshift4/ose-sriov-infiniband-cni@sha256:dde1aa450590a1172a39cfe9d829b1380192291070716d1f195fbe36d7585846_s390x", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-operator@sha256:33e40f5366b349e44885b40dfb1b0e3e625b5a2adb37de719fb11dac2ec62fc0_s390x as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-sriov-network-operator@sha256:33e40f5366b349e44885b40dfb1b0e3e625b5a2adb37de719fb11dac2ec62fc0_s390x" }, "product_reference": "openshift4/ose-sriov-network-operator@sha256:33e40f5366b349e44885b40dfb1b0e3e625b5a2adb37de719fb11dac2ec62fc0_s390x", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-operator@sha256:7ce3db75dbc8c1a912ae7c40c09596ff0d80b8c896b475a230e5cd1f1ff3d6fa_ppc64le as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-sriov-network-operator@sha256:7ce3db75dbc8c1a912ae7c40c09596ff0d80b8c896b475a230e5cd1f1ff3d6fa_ppc64le" }, "product_reference": "openshift4/ose-sriov-network-operator@sha256:7ce3db75dbc8c1a912ae7c40c09596ff0d80b8c896b475a230e5cd1f1ff3d6fa_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-operator@sha256:eabf7c557362188d0067db3a34a646c52efc337f831abdd3c1b679cef24a0c39_amd64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-sriov-network-operator@sha256:eabf7c557362188d0067db3a34a646c52efc337f831abdd3c1b679cef24a0c39_amd64" }, "product_reference": "openshift4/ose-sriov-network-operator@sha256:eabf7c557362188d0067db3a34a646c52efc337f831abdd3c1b679cef24a0c39_amd64", "relates_to_product_reference": "8Base-RHOSE-4.7" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-3121", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "discovery_date": "2021-01-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSE-4.7:openshift4/network-tools-rhel8@sha256:9e302c5584f6180f79b09882948c30a6b3b265ac3b44f7806b2c6ddee41fd584_amd64", "8Base-RHOSE-4.7:openshift4/network-tools-rhel8@sha256:f231fc58fbaab9b6bc5f5f58d793f8fbb181eb07821ac75663ff1bf2dc72b318_ppc64le", "8Base-RHOSE-4.7:openshift4/network-tools-rhel8@sha256:f6622348f93737db720e66f708118878ae4e919ecab9329ec71f83c9ca59996b_s390x", "8Base-RHOSE-4.7:openshift4/ose-ansible-operator@sha256:494273ae3456a8e7d2ce93be8c8d1440a9a8bdf9d7546d871c2335088dd1bf2c_amd64", "8Base-RHOSE-4.7:openshift4/ose-ansible-operator@sha256:4e0ca4dec7a611b80530a6c5929e4bef71b3e2f137f70b9e7f14da2c2668b8ea_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-ansible-operator@sha256:ad7db49784e4d0cd586d693f8b2405cc6445ae81817d37ce0b42434214a5c3e8_s390x", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-operator@sha256:3806a0ad25af8571f4ab0bd7208ea0de6b4c6eff3e566d28f128ad4e35c47d45_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-operator@sha256:5055d03f47ac092798911c848d46f2b7e7357189f2e3967fc6ed376b04bf6e3a_amd64", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-operator@sha256:73a306cddd631824702992ea885c721076e7b2fbe646d4518c93874ca81f5088_s390x", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:3806a0ad25af8571f4ab0bd7208ea0de6b4c6eff3e566d28f128ad4e35c47d45_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:5055d03f47ac092798911c848d46f2b7e7357189f2e3967fc6ed376b04bf6e3a_amd64", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:73a306cddd631824702992ea885c721076e7b2fbe646d4518c93874ca81f5088_s390x", "8Base-RHOSE-4.7:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:3aaf6fcbb2ecdf130a2f3d13cfadb4a631019690b85a1f5eb42d341f2c2e8035_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:b3437a45b0ec5605fe1c1d7b4d34265080e53a1ddecf6fc2f6dd332db2538494_amd64", "8Base-RHOSE-4.7:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:bde942168e9e5cc636108ecfef23774b4eda331939abec7bb6ed58882939fb29_s390x", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:63bff9b5506263394129b06c3eb7573fc7bc66bd888d46997adde8a0175c9347_amd64", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:801e85ba7ac106109c823fcbb12c2ee9ca5e356ca3692aef9230b4d949eaadd4_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:eb3b70cf52702e45304d92e029ce8dc7ffeb2c52c149581a81b44461bf05eca0_s390x", "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator@sha256:b89eb8aec001750b36228529157da1715459621250d806d7d4eabaa6829b9c9e_amd64", "8Base-RHOSE-4.7:openshift4/ose-metering-reporting-operator@sha256:b37c5bb1f849975639fca545ad040ef1cb97691436189338592014ded6f66242_amd64", "8Base-RHOSE-4.7:openshift4/ose-service-idler-rhel8@sha256:d46c5b885983b845795aa6821bb35c841d44024d8c9f4a99e92fa3c670072ddc_amd64", "8Base-RHOSE-4.7:openshift4/ose-service-idler-rhel8@sha256:d59728003550000f3f26437009bb29bc3d310d7b2c941d9a043063436b5a37e9_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-service-idler-rhel8@sha256:ec6dceaba1eab71574ddf07223a14dec7ff9b395b94d6bd369a4dfa555226c56_s390x", "8Base-RHOSE-4.7:openshift4/ose-sriov-infiniband-cni@sha256:6664164671dec207c7ffb6da5dadb90880071e8821f4606e00eadcc5e59f76cb_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-sriov-infiniband-cni@sha256:bdef404b5688db92b2e95f564190677f391b47c31b2edf088220599e9b8951d3_amd64", "8Base-RHOSE-4.7:openshift4/ose-sriov-infiniband-cni@sha256:dde1aa450590a1172a39cfe9d829b1380192291070716d1f195fbe36d7585846_s390x", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-operator@sha256:33e40f5366b349e44885b40dfb1b0e3e625b5a2adb37de719fb11dac2ec62fc0_s390x", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-operator@sha256:7ce3db75dbc8c1a912ae7c40c09596ff0d80b8c896b475a230e5cd1f1ff3d6fa_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-operator@sha256:eabf7c557362188d0067db3a34a646c52efc337f831abdd3c1b679cef24a0c39_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1921650" } ], "notes": [ { "category": "description", "text": "A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this vulnerability is to availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM) and Red Hat OpenShift Jaeger (RHOSJ) all include code generated by github.com/gogo/protobuf to parse protobuf messages. However, no component is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate for OCP, OSSM and RHOSJ.\n\nOpenShift Virtualization includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no component of OpenShift Virtualization is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no RHACM component is accepting protobuf messages from unauthenticated sources and are used with a limited scope, hence this vulnerability is rated Moderate for RHACM.\n\nRed Hat Cluster Application Migration (CAM) includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no CAM component is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate for CAM.\n\nCryostat-2 is affected as it does ship gogo/protobuf library with it\u0027s distribution but the only use for Protobuf would be the Kubernetes/OpenShift API server the operator communicates with and it should be authenticated hence it is affected with Moderate impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:openshift4/ose-sriov-dp-admission-controller@sha256:0c50e715c62b5ec483dd0c6acbade593475573d246edc9d2a762f57ef3845d9a_s390x", "8Base-RHOSE-4.7:openshift4/ose-sriov-dp-admission-controller@sha256:332b1a7d738d6eb12d44ab2703678740b14b9985dd6ade80176c827b694e821a_amd64", "8Base-RHOSE-4.7:openshift4/ose-sriov-dp-admission-controller@sha256:7abbcf7c0275b08d5b00178da0b58a87bc9ce493fb9b115be521d8037de9c343_ppc64le" ], "known_not_affected": [ "8Base-RHOSE-4.7:openshift4/network-tools-rhel8@sha256:9e302c5584f6180f79b09882948c30a6b3b265ac3b44f7806b2c6ddee41fd584_amd64", "8Base-RHOSE-4.7:openshift4/network-tools-rhel8@sha256:f231fc58fbaab9b6bc5f5f58d793f8fbb181eb07821ac75663ff1bf2dc72b318_ppc64le", "8Base-RHOSE-4.7:openshift4/network-tools-rhel8@sha256:f6622348f93737db720e66f708118878ae4e919ecab9329ec71f83c9ca59996b_s390x", "8Base-RHOSE-4.7:openshift4/ose-ansible-operator@sha256:494273ae3456a8e7d2ce93be8c8d1440a9a8bdf9d7546d871c2335088dd1bf2c_amd64", "8Base-RHOSE-4.7:openshift4/ose-ansible-operator@sha256:4e0ca4dec7a611b80530a6c5929e4bef71b3e2f137f70b9e7f14da2c2668b8ea_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-ansible-operator@sha256:ad7db49784e4d0cd586d693f8b2405cc6445ae81817d37ce0b42434214a5c3e8_s390x", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-operator@sha256:3806a0ad25af8571f4ab0bd7208ea0de6b4c6eff3e566d28f128ad4e35c47d45_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-operator@sha256:5055d03f47ac092798911c848d46f2b7e7357189f2e3967fc6ed376b04bf6e3a_amd64", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-operator@sha256:73a306cddd631824702992ea885c721076e7b2fbe646d4518c93874ca81f5088_s390x", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:3806a0ad25af8571f4ab0bd7208ea0de6b4c6eff3e566d28f128ad4e35c47d45_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:5055d03f47ac092798911c848d46f2b7e7357189f2e3967fc6ed376b04bf6e3a_amd64", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:73a306cddd631824702992ea885c721076e7b2fbe646d4518c93874ca81f5088_s390x", "8Base-RHOSE-4.7:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:3aaf6fcbb2ecdf130a2f3d13cfadb4a631019690b85a1f5eb42d341f2c2e8035_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:b3437a45b0ec5605fe1c1d7b4d34265080e53a1ddecf6fc2f6dd332db2538494_amd64", "8Base-RHOSE-4.7:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:bde942168e9e5cc636108ecfef23774b4eda331939abec7bb6ed58882939fb29_s390x", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:63bff9b5506263394129b06c3eb7573fc7bc66bd888d46997adde8a0175c9347_amd64", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:801e85ba7ac106109c823fcbb12c2ee9ca5e356ca3692aef9230b4d949eaadd4_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:eb3b70cf52702e45304d92e029ce8dc7ffeb2c52c149581a81b44461bf05eca0_s390x", "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator@sha256:b89eb8aec001750b36228529157da1715459621250d806d7d4eabaa6829b9c9e_amd64", "8Base-RHOSE-4.7:openshift4/ose-metering-reporting-operator@sha256:b37c5bb1f849975639fca545ad040ef1cb97691436189338592014ded6f66242_amd64", "8Base-RHOSE-4.7:openshift4/ose-service-idler-rhel8@sha256:d46c5b885983b845795aa6821bb35c841d44024d8c9f4a99e92fa3c670072ddc_amd64", "8Base-RHOSE-4.7:openshift4/ose-service-idler-rhel8@sha256:d59728003550000f3f26437009bb29bc3d310d7b2c941d9a043063436b5a37e9_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-service-idler-rhel8@sha256:ec6dceaba1eab71574ddf07223a14dec7ff9b395b94d6bd369a4dfa555226c56_s390x", "8Base-RHOSE-4.7:openshift4/ose-sriov-infiniband-cni@sha256:6664164671dec207c7ffb6da5dadb90880071e8821f4606e00eadcc5e59f76cb_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-sriov-infiniband-cni@sha256:bdef404b5688db92b2e95f564190677f391b47c31b2edf088220599e9b8951d3_amd64", "8Base-RHOSE-4.7:openshift4/ose-sriov-infiniband-cni@sha256:dde1aa450590a1172a39cfe9d829b1380192291070716d1f195fbe36d7585846_s390x", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-operator@sha256:33e40f5366b349e44885b40dfb1b0e3e625b5a2adb37de719fb11dac2ec62fc0_s390x", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-operator@sha256:7ce3db75dbc8c1a912ae7c40c09596ff0d80b8c896b475a230e5cd1f1ff3d6fa_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-operator@sha256:eabf7c557362188d0067db3a34a646c52efc337f831abdd3c1b679cef24a0c39_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3121" }, { "category": "external", "summary": "RHBZ#1921650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3121", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3121" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121" } ], "release_date": "2021-01-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.7:openshift4/ose-sriov-dp-admission-controller@sha256:0c50e715c62b5ec483dd0c6acbade593475573d246edc9d2a762f57ef3845d9a_s390x", "8Base-RHOSE-4.7:openshift4/ose-sriov-dp-admission-controller@sha256:332b1a7d738d6eb12d44ab2703678740b14b9985dd6ade80176c827b694e821a_amd64", "8Base-RHOSE-4.7:openshift4/ose-sriov-dp-admission-controller@sha256:7abbcf7c0275b08d5b00178da0b58a87bc9ce493fb9b115be521d8037de9c343_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1552" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:openshift4/ose-sriov-dp-admission-controller@sha256:0c50e715c62b5ec483dd0c6acbade593475573d246edc9d2a762f57ef3845d9a_s390x", "8Base-RHOSE-4.7:openshift4/ose-sriov-dp-admission-controller@sha256:332b1a7d738d6eb12d44ab2703678740b14b9985dd6ade80176c827b694e821a_amd64", "8Base-RHOSE-4.7:openshift4/ose-sriov-dp-admission-controller@sha256:7abbcf7c0275b08d5b00178da0b58a87bc9ce493fb9b115be521d8037de9c343_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation" }, { "acknowledgments": [ { "names": [ "Casey Callendrello" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2021-20206", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-01-22T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSE-4.7:openshift4/network-tools-rhel8@sha256:9e302c5584f6180f79b09882948c30a6b3b265ac3b44f7806b2c6ddee41fd584_amd64", "8Base-RHOSE-4.7:openshift4/network-tools-rhel8@sha256:f231fc58fbaab9b6bc5f5f58d793f8fbb181eb07821ac75663ff1bf2dc72b318_ppc64le", "8Base-RHOSE-4.7:openshift4/network-tools-rhel8@sha256:f6622348f93737db720e66f708118878ae4e919ecab9329ec71f83c9ca59996b_s390x", "8Base-RHOSE-4.7:openshift4/ose-ansible-operator@sha256:494273ae3456a8e7d2ce93be8c8d1440a9a8bdf9d7546d871c2335088dd1bf2c_amd64", "8Base-RHOSE-4.7:openshift4/ose-ansible-operator@sha256:4e0ca4dec7a611b80530a6c5929e4bef71b3e2f137f70b9e7f14da2c2668b8ea_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-ansible-operator@sha256:ad7db49784e4d0cd586d693f8b2405cc6445ae81817d37ce0b42434214a5c3e8_s390x", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-operator@sha256:3806a0ad25af8571f4ab0bd7208ea0de6b4c6eff3e566d28f128ad4e35c47d45_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-operator@sha256:5055d03f47ac092798911c848d46f2b7e7357189f2e3967fc6ed376b04bf6e3a_amd64", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-operator@sha256:73a306cddd631824702992ea885c721076e7b2fbe646d4518c93874ca81f5088_s390x", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:3806a0ad25af8571f4ab0bd7208ea0de6b4c6eff3e566d28f128ad4e35c47d45_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:5055d03f47ac092798911c848d46f2b7e7357189f2e3967fc6ed376b04bf6e3a_amd64", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:73a306cddd631824702992ea885c721076e7b2fbe646d4518c93874ca81f5088_s390x", "8Base-RHOSE-4.7:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:3aaf6fcbb2ecdf130a2f3d13cfadb4a631019690b85a1f5eb42d341f2c2e8035_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:b3437a45b0ec5605fe1c1d7b4d34265080e53a1ddecf6fc2f6dd332db2538494_amd64", "8Base-RHOSE-4.7:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:bde942168e9e5cc636108ecfef23774b4eda331939abec7bb6ed58882939fb29_s390x", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:63bff9b5506263394129b06c3eb7573fc7bc66bd888d46997adde8a0175c9347_amd64", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:801e85ba7ac106109c823fcbb12c2ee9ca5e356ca3692aef9230b4d949eaadd4_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:eb3b70cf52702e45304d92e029ce8dc7ffeb2c52c149581a81b44461bf05eca0_s390x", "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator@sha256:b89eb8aec001750b36228529157da1715459621250d806d7d4eabaa6829b9c9e_amd64", "8Base-RHOSE-4.7:openshift4/ose-metering-reporting-operator@sha256:b37c5bb1f849975639fca545ad040ef1cb97691436189338592014ded6f66242_amd64", "8Base-RHOSE-4.7:openshift4/ose-service-idler-rhel8@sha256:d46c5b885983b845795aa6821bb35c841d44024d8c9f4a99e92fa3c670072ddc_amd64", "8Base-RHOSE-4.7:openshift4/ose-service-idler-rhel8@sha256:d59728003550000f3f26437009bb29bc3d310d7b2c941d9a043063436b5a37e9_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-service-idler-rhel8@sha256:ec6dceaba1eab71574ddf07223a14dec7ff9b395b94d6bd369a4dfa555226c56_s390x", "8Base-RHOSE-4.7:openshift4/ose-sriov-dp-admission-controller@sha256:0c50e715c62b5ec483dd0c6acbade593475573d246edc9d2a762f57ef3845d9a_s390x", "8Base-RHOSE-4.7:openshift4/ose-sriov-dp-admission-controller@sha256:332b1a7d738d6eb12d44ab2703678740b14b9985dd6ade80176c827b694e821a_amd64", "8Base-RHOSE-4.7:openshift4/ose-sriov-dp-admission-controller@sha256:7abbcf7c0275b08d5b00178da0b58a87bc9ce493fb9b115be521d8037de9c343_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-operator@sha256:33e40f5366b349e44885b40dfb1b0e3e625b5a2adb37de719fb11dac2ec62fc0_s390x", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-operator@sha256:7ce3db75dbc8c1a912ae7c40c09596ff0d80b8c896b475a230e5cd1f1ff3d6fa_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-operator@sha256:eabf7c557362188d0067db3a34a646c52efc337f831abdd3c1b679cef24a0c39_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1919391" } ], "notes": [ { "category": "description", "text": "An improper limitation of path name flaw was found in containernetworking/cni. When specifying the plugin to load in the `type` field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as `reboot`. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "containernetworking-cni: Arbitrary path injection via type field in CNI configuration", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift ServiceMesh (OSSM) does package a vulnerable version of containernetworking/cni, however, the NetworkDefinitionAttachment is defined in code and cannot be easily changed except through a user who has access to the operator namespace such as cluster-admin. As such, for OSSM, the impact is Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:openshift4/ose-sriov-infiniband-cni@sha256:6664164671dec207c7ffb6da5dadb90880071e8821f4606e00eadcc5e59f76cb_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-sriov-infiniband-cni@sha256:bdef404b5688db92b2e95f564190677f391b47c31b2edf088220599e9b8951d3_amd64", "8Base-RHOSE-4.7:openshift4/ose-sriov-infiniband-cni@sha256:dde1aa450590a1172a39cfe9d829b1380192291070716d1f195fbe36d7585846_s390x" ], "known_not_affected": [ "8Base-RHOSE-4.7:openshift4/network-tools-rhel8@sha256:9e302c5584f6180f79b09882948c30a6b3b265ac3b44f7806b2c6ddee41fd584_amd64", "8Base-RHOSE-4.7:openshift4/network-tools-rhel8@sha256:f231fc58fbaab9b6bc5f5f58d793f8fbb181eb07821ac75663ff1bf2dc72b318_ppc64le", "8Base-RHOSE-4.7:openshift4/network-tools-rhel8@sha256:f6622348f93737db720e66f708118878ae4e919ecab9329ec71f83c9ca59996b_s390x", "8Base-RHOSE-4.7:openshift4/ose-ansible-operator@sha256:494273ae3456a8e7d2ce93be8c8d1440a9a8bdf9d7546d871c2335088dd1bf2c_amd64", "8Base-RHOSE-4.7:openshift4/ose-ansible-operator@sha256:4e0ca4dec7a611b80530a6c5929e4bef71b3e2f137f70b9e7f14da2c2668b8ea_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-ansible-operator@sha256:ad7db49784e4d0cd586d693f8b2405cc6445ae81817d37ce0b42434214a5c3e8_s390x", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-operator@sha256:3806a0ad25af8571f4ab0bd7208ea0de6b4c6eff3e566d28f128ad4e35c47d45_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-operator@sha256:5055d03f47ac092798911c848d46f2b7e7357189f2e3967fc6ed376b04bf6e3a_amd64", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-operator@sha256:73a306cddd631824702992ea885c721076e7b2fbe646d4518c93874ca81f5088_s390x", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:3806a0ad25af8571f4ab0bd7208ea0de6b4c6eff3e566d28f128ad4e35c47d45_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:5055d03f47ac092798911c848d46f2b7e7357189f2e3967fc6ed376b04bf6e3a_amd64", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:73a306cddd631824702992ea885c721076e7b2fbe646d4518c93874ca81f5088_s390x", "8Base-RHOSE-4.7:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:3aaf6fcbb2ecdf130a2f3d13cfadb4a631019690b85a1f5eb42d341f2c2e8035_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:b3437a45b0ec5605fe1c1d7b4d34265080e53a1ddecf6fc2f6dd332db2538494_amd64", "8Base-RHOSE-4.7:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:bde942168e9e5cc636108ecfef23774b4eda331939abec7bb6ed58882939fb29_s390x", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:63bff9b5506263394129b06c3eb7573fc7bc66bd888d46997adde8a0175c9347_amd64", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:801e85ba7ac106109c823fcbb12c2ee9ca5e356ca3692aef9230b4d949eaadd4_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:eb3b70cf52702e45304d92e029ce8dc7ffeb2c52c149581a81b44461bf05eca0_s390x", "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator@sha256:b89eb8aec001750b36228529157da1715459621250d806d7d4eabaa6829b9c9e_amd64", "8Base-RHOSE-4.7:openshift4/ose-metering-reporting-operator@sha256:b37c5bb1f849975639fca545ad040ef1cb97691436189338592014ded6f66242_amd64", "8Base-RHOSE-4.7:openshift4/ose-service-idler-rhel8@sha256:d46c5b885983b845795aa6821bb35c841d44024d8c9f4a99e92fa3c670072ddc_amd64", "8Base-RHOSE-4.7:openshift4/ose-service-idler-rhel8@sha256:d59728003550000f3f26437009bb29bc3d310d7b2c941d9a043063436b5a37e9_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-service-idler-rhel8@sha256:ec6dceaba1eab71574ddf07223a14dec7ff9b395b94d6bd369a4dfa555226c56_s390x", "8Base-RHOSE-4.7:openshift4/ose-sriov-dp-admission-controller@sha256:0c50e715c62b5ec483dd0c6acbade593475573d246edc9d2a762f57ef3845d9a_s390x", "8Base-RHOSE-4.7:openshift4/ose-sriov-dp-admission-controller@sha256:332b1a7d738d6eb12d44ab2703678740b14b9985dd6ade80176c827b694e821a_amd64", "8Base-RHOSE-4.7:openshift4/ose-sriov-dp-admission-controller@sha256:7abbcf7c0275b08d5b00178da0b58a87bc9ce493fb9b115be521d8037de9c343_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-operator@sha256:33e40f5366b349e44885b40dfb1b0e3e625b5a2adb37de719fb11dac2ec62fc0_s390x", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-operator@sha256:7ce3db75dbc8c1a912ae7c40c09596ff0d80b8c896b475a230e5cd1f1ff3d6fa_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-operator@sha256:eabf7c557362188d0067db3a34a646c52efc337f831abdd3c1b679cef24a0c39_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-20206" }, { "category": "external", "summary": "RHBZ#1919391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-20206", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20206" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20206", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20206" } ], "release_date": "2021-02-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.7:openshift4/ose-sriov-infiniband-cni@sha256:6664164671dec207c7ffb6da5dadb90880071e8821f4606e00eadcc5e59f76cb_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-sriov-infiniband-cni@sha256:bdef404b5688db92b2e95f564190677f391b47c31b2edf088220599e9b8951d3_amd64", "8Base-RHOSE-4.7:openshift4/ose-sriov-infiniband-cni@sha256:dde1aa450590a1172a39cfe9d829b1380192291070716d1f195fbe36d7585846_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1552" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:openshift4/ose-sriov-infiniband-cni@sha256:6664164671dec207c7ffb6da5dadb90880071e8821f4606e00eadcc5e59f76cb_ppc64le", "8Base-RHOSE-4.7:openshift4/ose-sriov-infiniband-cni@sha256:bdef404b5688db92b2e95f564190677f391b47c31b2edf088220599e9b8951d3_amd64", "8Base-RHOSE-4.7:openshift4/ose-sriov-infiniband-cni@sha256:dde1aa450590a1172a39cfe9d829b1380192291070716d1f195fbe36d7585846_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "containernetworking-cni: Arbitrary path injection via type field in CNI configuration" } ] }
rhsa-2021_2438
Vulnerability from csaf_redhat
Published
2021-07-27 22:30
Modified
2021-07-27 22:30
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.8.2 bug fix and security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.8.2 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.2. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2021:2437
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html
Security Fix(es):
* SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183)
* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
* nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)
* etcd: Large slice causes panic in decodeRecord method (CVE-2020-15106)
* etcd: DoS in wal/wal.go (CVE-2020-15112)
* etcd: directories created via os.MkdirAll are not checked for permissions (CVE-2020-15113)
* etcd: gateway can include itself as an endpoint resulting in resource exhaustion and leads to DoS (CVE-2020-15114)
* etcd: no authentication is performed against endpoints provided in the --endpoints flag (CVE-2020-15136)
* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)
* nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)
* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)
* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)
* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)
* containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206)
* containers/storage: DoS via malicious image (CVE-2021-20291)
* prometheus: open redirect under the /new endpoint (CVE-2021-29622)
* golang: x/net/html: infinite loop in ParseFragment (CVE-2021-33194)
* go.elastic.co/apm: leaks sensitive HTTP headers during panic (CVE-2021-22133)
Space precludes listing in detail the following additional CVEs fixes: (CVE-2021-27292), (CVE-2021-28092), (CVE-2021-29059), (CVE-2021-23382), (CVE-2021-26539), (CVE-2021-26540), (CVE-2021-23337), (CVE-2021-23362) and (CVE-2021-23368)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.2-x86_64
The image digest is ssha256:0e82d17ababc79b10c10c5186920232810aeccbccf2a74c691487090a2c98ebc
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.2-s390x
The image digest is sha256:a284c5c3fa21b06a6a65d82be1dc7e58f378aa280acd38742fb167a26b91ecb5
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.2-ppc64le
The image digest is sha256:da989b8e28bccadbb535c2b9b7d3597146d14d254895cd35f544774f374cdd0f
All OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available
at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 2023 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.8.2 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.8.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.8.2. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHSA-2021:2437\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nSecurity Fix(es):\n\n* SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)\n\n* etcd: Large slice causes panic in decodeRecord method (CVE-2020-15106)\n\n* etcd: DoS in wal/wal.go (CVE-2020-15112)\n\n* etcd: directories created via os.MkdirAll are not checked for permissions (CVE-2020-15113)\n\n* etcd: gateway can include itself as an endpoint resulting in resource exhaustion and leads to DoS (CVE-2020-15114)\n\n* etcd: no authentication is performed against endpoints provided in the --endpoints flag (CVE-2020-15136)\n\n* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)\n\n* nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)\n\n* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)\n\n* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)\n\n* containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206)\n\n* containers/storage: DoS via malicious image (CVE-2021-20291)\n\n* prometheus: open redirect under the /new endpoint (CVE-2021-29622)\n\n* golang: x/net/html: infinite loop in ParseFragment (CVE-2021-33194)\n\n* go.elastic.co/apm: leaks sensitive HTTP headers during panic (CVE-2021-22133)\n\nSpace precludes listing in detail the following additional CVEs fixes: (CVE-2021-27292), (CVE-2021-28092), (CVE-2021-29059), (CVE-2021-23382), (CVE-2021-26539), (CVE-2021-26540), (CVE-2021-23337), (CVE-2021-23362) and (CVE-2021-23368)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nYou may download the oc tool and use it to inspect release image metadata as follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.2-x86_64\n\nThe image digest is ssha256:0e82d17ababc79b10c10c5186920232810aeccbccf2a74c691487090a2c98ebc\n\n(For s390x architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.2-s390x\n\nThe image digest is sha256:a284c5c3fa21b06a6a65d82be1dc7e58f378aa280acd38742fb167a26b91ecb5\n\n(For ppc64le architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.2-ppc64le\n\nThe image digest is sha256:da989b8e28bccadbb535c2b9b7d3597146d14d254895cd35f544774f374cdd0f\n\nAll OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available\nat https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:2438", "url": "https://access.redhat.com/errata/RHSA-2021:2438" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_2438.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.8.2 bug fix and security update", "tracking": { "current_release_date": "2021-07-27T22:30:00Z", "generator": { "date": "2023-07-01T05:02:00Z", "engine": { "name": "Red Hat SDEngine", "version": "3.18.0" } }, "id": "RHSA-2021:2438", "initial_release_date": "2021-07-27T22:30:00Z", "revision_history": [ { "date": "2021-07-27T22:30:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.8", "product": { "name": "Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.8::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "category": "product_version", "name": "openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "product": { "name": "openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "product_id": "openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream" } }, { "category": "product_version", "name": "openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "product": { "name": "openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "product_id": "openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream" } }, { "category": "product_version", "name": "openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "product": { "name": "openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "product_id": "openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "product": { "name": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "product_id": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "product": { "name": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "product_id": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "product": { "name": "openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "product_id": "openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "product": { "name": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "product_id": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "product": { "name": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "product_id": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "product": { "name": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "product_id": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "product": { "name": "openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "product_id": "openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "product": { "name": "openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "product_id": "openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "product": { "name": "openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "product_id": "openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "product": { "name": "openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "product_id": "openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "product": { "name": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "product_id": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "product": { "name": "openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "product_id": "openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "product": { "name": "openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "product_id": "openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "product": { "name": "openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "product_id": "openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "product": { "name": "openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "product_id": "openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "product": { "name": "openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "product_id": "openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "product": { "name": "openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "product_id": "openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "product": { "name": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "product_id": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "product": { "name": "openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "product_id": "openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "product": { "name": "openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "product_id": "openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "product": { "name": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "product_id": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "product": { "name": "openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "product_id": "openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "product": { "name": "openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "product_id": "openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "product": { "name": "openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "product_id": "openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "product": { "name": "openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "product_id": "openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "product": { "name": "openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "product_id": "openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "product": { "name": "openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "product_id": "openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "product": { "name": "openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "product_id": "openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "product": { "name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "product_id": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "product": { "name": "openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "product_id": "openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "product": { "name": "openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "product_id": "openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "product": { "name": "openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "product_id": "openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "product": { "name": "openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "product_id": "openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "product": { "name": "openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "product_id": "openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "product": { "name": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "product_id": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "product": { "name": "openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "product_id": "openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "product": { "name": "openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "product_id": "openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "product": { "name": "openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "product_id": "openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "product": { "name": "openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "product_id": "openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "product": { "name": "openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "product_id": "openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "product": { "name": "openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "product_id": "openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "product": { "name": "openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "product_id": "openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "product": { "name": "openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "product_id": "openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "product": { "name": "openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "product_id": "openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "product": { "name": "openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "product_id": "openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "product": { "name": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "product_id": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "product": { "name": "openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "product_id": "openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "product": { "name": "openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "product_id": "openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "product": { "name": "openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "product_id": "openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "product": { "name": "openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "product_id": "openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "product": { "name": "openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "product_id": "openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "product": { "name": "openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "product_id": "openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "product": { "name": "openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "product_id": "openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "product": { "name": "openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "product_id": "openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "product": { "name": "openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "product_id": "openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "product": { "name": "openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "product_id": "openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "product": { "name": "openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "product_id": "openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "product": { "name": "openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "product_id": "openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "product": { "name": "openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "product_id": "openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "product": { "name": "openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "product_id": "openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "product": { "name": "openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "product_id": "openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "product": { "name": "openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "product_id": "openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "product": { "name": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "product_id": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "product": { "name": "openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "product_id": "openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "product": { "name": "openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "product_id": "openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "product": { "name": "openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "product_id": "openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "product": { "name": "openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "product_id": "openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "product": { "name": "openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "product_id": "openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "product": { "name": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "product_id": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "product": { "name": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "product_id": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "product": { "name": "openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "product_id": "openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "product": { "name": "openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "product_id": "openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "product": { "name": "openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "product_id": "openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "product": { "name": "openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "product_id": "openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "product": { "name": "openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "product_id": "openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "product": { "name": "openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "product_id": "openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "product": { "name": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "product_id": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "product": { "name": "openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "product_id": "openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "product": { "name": "openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "product_id": "openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "product": { "name": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "product_id": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "product": { "name": "openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "product_id": "openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "product": { "name": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "product_id": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "product": { "name": "openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "product_id": "openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "product": { "name": "openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "product_id": "openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "product": { "name": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "product_id": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "product": { "name": "openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "product_id": "openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "product": { "name": "openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "product_id": "openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "product": { "name": "openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "product_id": "openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "product": { "name": "openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "product_id": "openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "product": { "name": "openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "product_id": "openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "product": { "name": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "product_id": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "product": { "name": "openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "product_id": "openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "product": { "name": "openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "product_id": "openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "product": { "name": "openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "product_id": "openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "product": { "name": "openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "product_id": "openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "product": { "name": "openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "product_id": "openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "product": { "name": "openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "product_id": "openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "product": { "name": "openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "product_id": "openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "product": { "name": "openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "product_id": "openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "product": { "name": "openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "product_id": "openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "product": { "name": "openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "product_id": "openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "product": { "name": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "product_id": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "product": { "name": "openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "product_id": "openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "product": { "name": "openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "product_id": "openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "product": { "name": "openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "product_id": "openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "product": { "name": "openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "product_id": "openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "product": { "name": "openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "product_id": "openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "product": { "name": "openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "product_id": "openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "product": { "name": "openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "product_id": "openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "product": { "name": "openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "product_id": "openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "product": { "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "product_id": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "product": { "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "product_id": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "product": { "name": "openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "product_id": "openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "product": { "name": "openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "product_id": "openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "product": { "name": "openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "product_id": "openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "product": { "name": "openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "product_id": "openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "product": { "name": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "product_id": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "product": { "name": "openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "product_id": "openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "product": { "name": "openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "product_id": "openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "product": { "name": "openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "product_id": "openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "product": { "name": "openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "product_id": "openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "product": { "name": "openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "product_id": "openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "product": { "name": "openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "product_id": "openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "product": { "name": "openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "product_id": "openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "product": { "name": "openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "product_id": "openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "product": { "name": "openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "product_id": "openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "product": { "name": "openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "product_id": "openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "product": { "name": "openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "product_id": "openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "product": { "name": "openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "product_id": "openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "product": { "name": "openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "product_id": "openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "product": { "name": "openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "product_id": "openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "product": { "name": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "product_id": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "product": { "name": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "product_id": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "product": { "name": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "product_id": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "product": { "name": "openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "product_id": "openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "product": { "name": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "product_id": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "product": { "name": "openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "product_id": "openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "product": { "name": "openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "product_id": "openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream", "product": { "name": "openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream", "product_id": "openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" } } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream" }, "product_reference": "openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream" }, "product_reference": "openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream" }, "product_reference": "openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream" }, "product_reference": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream" }, "product_reference": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream" }, "product_reference": "openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream" }, "product_reference": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream" }, "product_reference": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream" }, "product_reference": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream" }, "product_reference": "openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream" }, "product_reference": "openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream" }, "product_reference": "openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream" }, "product_reference": "openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream" }, "product_reference": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream" }, "product_reference": "openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream" }, "product_reference": "openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream" }, "product_reference": "openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream" }, "product_reference": "openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream" }, "product_reference": "openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream" }, "product_reference": "openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream" }, "product_reference": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream" }, "product_reference": "openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream" }, "product_reference": "openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream" }, "product_reference": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream" }, "product_reference": "openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream" }, "product_reference": "openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream" }, "product_reference": "openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream" }, "product_reference": "openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream" }, "product_reference": "openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream" }, "product_reference": "openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream" }, "product_reference": "openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream" }, "product_reference": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream" }, "product_reference": "openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream" }, "product_reference": "openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream" }, "product_reference": "openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream" }, "product_reference": "openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream" }, "product_reference": "openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream" }, "product_reference": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream" }, "product_reference": "openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream" }, "product_reference": "openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream" }, "product_reference": "openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream" }, "product_reference": "openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream" }, "product_reference": "openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream" }, "product_reference": "openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream" }, "product_reference": "openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream" }, "product_reference": "openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream" }, "product_reference": "openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream" }, "product_reference": "openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream" }, "product_reference": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream" }, "product_reference": "openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream" }, "product_reference": "openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream" }, "product_reference": "openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream" }, "product_reference": "openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream" }, "product_reference": "openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream" }, "product_reference": "openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream" }, "product_reference": "openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream" }, "product_reference": "openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream" }, "product_reference": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream" }, "product_reference": "openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream" }, "product_reference": "openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream" }, "product_reference": "openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream" }, "product_reference": "openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream" }, "product_reference": "openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream" }, "product_reference": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream" }, "product_reference": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream" }, "product_reference": "openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream" }, "product_reference": "openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream" }, "product_reference": "openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream" }, "product_reference": "openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream" }, "product_reference": "openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream" }, "product_reference": "openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream" }, "product_reference": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream" }, "product_reference": "openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream" }, "product_reference": "openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream" }, "product_reference": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream" }, "product_reference": "openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream" }, "product_reference": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream" }, "product_reference": "openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream" }, "product_reference": "openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream" }, "product_reference": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream" }, "product_reference": "openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream" }, "product_reference": "openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream" }, "product_reference": "openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream" }, "product_reference": "openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream" }, "product_reference": "openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream" }, "product_reference": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream" }, "product_reference": "openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream" }, "product_reference": "openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream" }, "product_reference": "openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream" }, "product_reference": "openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream" }, "product_reference": "openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream" }, "product_reference": "openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream" }, "product_reference": "openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream" }, "product_reference": "openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream" }, "product_reference": "openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream" }, "product_reference": "openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream" }, "product_reference": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream" }, "product_reference": "openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream" }, "product_reference": "openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream" }, "product_reference": "openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream" }, "product_reference": "openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream" }, "product_reference": "openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream" }, "product_reference": "openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream" }, "product_reference": "openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream" }, "product_reference": "openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream" }, "product_reference": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream" }, "product_reference": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream" }, "product_reference": "openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream" }, "product_reference": "openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream" }, "product_reference": "openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream" }, "product_reference": "openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream" }, "product_reference": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream" }, "product_reference": "openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream" }, "product_reference": "openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream" }, "product_reference": "openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream" }, "product_reference": "openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream" }, "product_reference": "openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream" }, "product_reference": "openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream" }, "product_reference": "openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream" }, "product_reference": "openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream" }, "product_reference": "openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream" }, "product_reference": "openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream" }, "product_reference": "openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream" }, "product_reference": "openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream" }, "product_reference": "openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream" }, "product_reference": "openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream" }, "product_reference": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream" }, "product_reference": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream" }, "product_reference": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream" }, "product_reference": "openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream" }, "product_reference": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream" }, "product_reference": "openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream" }, "product_reference": "openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" }, "product_reference": "openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.8" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "OpenVPN" ] }, { "names": [ "Karthikeyan Bhargavan", "Ga\u00ebtan Leurent" ], "organization": "Inria", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2016-2183", "cwe": { "id": "CWE-327", "name": "Use of a Broken or Risky Cryptographic Algorithm" }, "discovery_date": "2016-08-18T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.", "title": "Vulnerability description" }, { "category": "summary", "text": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-2183", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2183" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183" }, { "category": "external", "summary": "https://access.redhat.com/articles/2548661", "url": "https://access.redhat.com/articles/2548661" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2016:1940", "url": "https://access.redhat.com/errata/RHSA-2016:1940" }, { "category": "external", "summary": "https://sweet32.info/", "url": "https://sweet32.info/" }, { "category": "external", "summary": "CVE-2016-2183", "url": "https://access.redhat.com/security/cve/CVE-2016-2183" }, { "category": "external", "summary": "bz#1369383: CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383" } ], "release_date": "2016-08-24T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:2438" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.3, "collateralDamagePotential": "NOT_DEFINED", "confidentialityImpact": "PARTIAL", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 0.0, "exploitability": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "targetDistribution": "NOT_DEFINED", "temporalScore": 0.0, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2016-08-18T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)" }, { "cve": "CVE-2020-7774", "cwe": { "id": "CWE-915", "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes" }, "discovery_date": "2020-11-17T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1898680" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in nodejs-y18n. There is a prototype pollution vulnerability in y18n\u0027s locale functionality. If an attacker is able to provide untrusted input via locale, they may be able to cause denial of service or in rare circumstances, impact to data integrity or confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-y18n: prototype pollution vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-7774", "url": "https://www.cve.org/CVERecord?id=CVE-2020-7774" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7774", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7774" }, { "category": "external", "summary": "https://snyk.io/vuln/SNYK-JS-Y18N-1021887", "url": "https://snyk.io/vuln/SNYK-JS-Y18N-1021887" }, { "category": "external", "summary": "CVE-2020-7774", "url": "https://access.redhat.com/security/cve/CVE-2020-7774" }, { "category": "external", "summary": "bz#1898680: CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898680" } ], "release_date": "2020-10-25T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:2438" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2020-11-17T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability" }, { "cve": "CVE-2020-15106", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-08-06T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1868883" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found In etcd, where a large slice causes panic in the decodeRecord method. The size of a record is stored in the length field of a WAL file, and no additional validation is performed on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "etcd: Large slice causes panic in decodeRecord method", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-15106", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15106" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15106", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15106" }, { "category": "external", "summary": "https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2", "url": "https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2" }, { "category": "external", "summary": "CVE-2020-15106", "url": "https://access.redhat.com/security/cve/CVE-2020-15106" }, { "category": "external", "summary": "bz#1868883: CVE-2020-15106 etcd: Large slice causes panic in decodeRecord method", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868883" } ], "release_date": "2020-08-05T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:2438" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2020-08-06T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2020-15106 etcd: Large slice causes panic in decodeRecord method" }, { "cve": "CVE-2020-15112", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-08-05T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1868872" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in etcd, where it is possible to have an entry index greater than the number of entries in the ReadAll method in wal/wal.go. This can cause issues when WAL entries are being read during consensus, as an arbitrary etcd consensus participant can go down from a runtime panic when reading the entry. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "etcd: DoS in wal/wal.go", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-15112", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15112" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15112", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15112" }, { "category": "external", "summary": "https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93", "url": "https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93" }, { "category": "external", "summary": "CVE-2020-15112", "url": "https://access.redhat.com/security/cve/CVE-2020-15112" }, { "category": "external", "summary": "bz#1868872: CVE-2020-15112 etcd: DoS in wal/wal.go", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868872" } ], "release_date": "2020-08-06T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:2438" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2020-08-05T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2020-15112 etcd: DoS in wal/wal.go" }, { "cve": "CVE-2020-15113", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-08-06T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1868870" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in etcd. Certain directory paths are created with restricted access permissions (700) by using the os.MkdirAll. This function does not perform any permission checks when a given directory path exists already.", "title": "Vulnerability description" }, { "category": "summary", "text": "etcd: directories created via os.MkdirAll are not checked for permissions", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-15113", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15113" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15113", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15113" }, { "category": "external", "summary": "https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92", "url": "https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92" }, { "category": "external", "summary": "CVE-2020-15113", "url": "https://access.redhat.com/security/cve/CVE-2020-15113" }, { "category": "external", "summary": "bz#1868870: CVE-2020-15113 etcd: directories created via os.MkdirAll are not checked for permissions", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868870" } ], "release_date": "2020-08-05T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:2438" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2020-08-06T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2020-15113 etcd: directories created via os.MkdirAll are not checked for permissions" }, { "cve": "CVE-2020-15114", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-08-06T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1868874" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in etcd, where the etcd gateway is a simple TCP proxy that allows basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This issue results in a denial of service since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "etcd: gateway can include itself as an endpoint resulting in resource exhaustion and leads to DoS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-15114", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15114" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15114", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15114" }, { "category": "external", "summary": "https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224", "url": "https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224" }, { "category": "external", "summary": "CVE-2020-15114", "url": "https://access.redhat.com/security/cve/CVE-2020-15114" }, { "category": "external", "summary": "bz#1868874: CVE-2020-15114 etcd: gateway can include itself as an endpoint resulting in resource exhaustion and leads to DoS", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868874" } ], "release_date": "2020-08-05T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:2438" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2020-08-06T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2020-15114 etcd: gateway can include itself as an endpoint resulting in resource exhaustion and leads to DoS" }, { "cve": "CVE-2020-15136", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2020-08-06T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1868880" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in etcd. The gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the --endpoints flag.", "title": "Vulnerability description" }, { "category": "summary", "text": "etcd: no authentication is performed against endpoints provided in the --endpoints flag", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-15136", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15136" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15136", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15136" }, { "category": "external", "summary": "https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q", "url": "https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q" }, { "category": "external", "summary": "CVE-2020-15136", "url": "https://access.redhat.com/security/cve/CVE-2020-15136" }, { "category": "external", "summary": "bz#1868880: CVE-2020-15136 etcd: no authentication is performed against endpoints provided in the --endpoints flag", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868880" } ], "release_date": "2020-08-05T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:2438" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2020-08-06T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2020-15136 etcd: no authentication is performed against endpoints provided in the --endpoints flag" }, { "cve": "CVE-2020-26160", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "discovery_date": "2020-09-23T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1883371" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A vulnerability was found in jwt-go where it is vulnerable to Access Restriction Bypass if m[\"aud\"] happens to be []string{}, as allowed by the spec, the type assertion fails and the value of aud is \"\". This can cause audience verification to succeed even if the audiences being passed are incorrect if required is set to false.", "title": "Vulnerability description" }, { "category": "summary", "text": "jwt-go: access restriction bypass vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-26160", "url": "https://www.cve.org/CVERecord?id=CVE-2020-26160" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26160", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26160" }, { "category": "external", "summary": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515", "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515" }, { "category": "external", "summary": "CVE-2020-26160", "url": "https://access.redhat.com/security/cve/CVE-2020-26160" }, { "category": "external", "summary": "bz#1883371: CVE-2020-26160 jwt-go: access restriction bypass vulnerability", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883371" } ], "release_date": "2020-09-15T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:2438" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2020-09-23T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2020-26160 jwt-go: access restriction bypass vulnerability" }, { "cve": "CVE-2020-28469", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-04-01T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1945459" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in nodejs-glob-parent. The enclosure regex used to check for glob enclosures containing backslashes is vulnerable to Regular Expression Denial of Service attacks. This flaw allows an attacker to cause a denial of service if they can supply a malicious string to the glob-parent function. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-glob-parent: Regular expression denial of service", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28469", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28469" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28469", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28469" }, { "category": "external", "summary": "https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905", "url": "https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905" }, { "category": "external", "summary": "CVE-2020-28469", "url": "https://access.redhat.com/security/cve/CVE-2020-28469" }, { "category": "external", "summary": "bz#1945459: CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945459" } ], "release_date": "2021-01-12T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:2438" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-04-01T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service" }, { "cve": "CVE-2020-28500", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-02-15T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1928954" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in nodejs-lodash. A Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions is possible.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28500", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28500" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28500", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28500" }, { "category": "external", "summary": "https://snyk.io/vuln/SNYK-JS-LODASH-1018905", "url": "https://snyk.io/vuln/SNYK-JS-LODASH-1018905" }, { "category": "external", "summary": "CVE-2020-28500", "url": "https://access.redhat.com/security/cve/CVE-2020-28500" }, { "category": "external", "summary": "bz#1928954: CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928954" } ], "release_date": "2021-02-15T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:2438" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-02-15T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions" }, { "cve": "CVE-2020-28852", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "discovery_date": "2021-01-02T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1913338" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in golang.org. In x/text, a \"slice bounds out of range\" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28852", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28852" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28852", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28852" }, { "category": "external", "summary": "CVE-2020-28852", "url": "https://access.redhat.com/security/cve/CVE-2020-28852" }, { "category": "external", "summary": "bz#1913338: CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913338" } ], "release_date": "2021-01-02T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:2438" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-01-02T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag" }, { "cve": "CVE-2021-3114", "cwe": { "id": "CWE-682", "name": "Incorrect Calculation" }, "discovery_date": "2021-01-21T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1918750" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/elliptic: incorrect operations on the P-224 curve", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3114", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3114" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3114", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3114" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/mperVMGa98w", "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w" }, { "category": "external", "summary": "CVE-2021-3114", "url": "https://access.redhat.com/security/cve/CVE-2021-3114" }, { "category": "external", "summary": "bz#1918750: CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918750" } ], "release_date": "2021-01-20T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:2438" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-01-21T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve" }, { "cve": "CVE-2021-3121", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "discovery_date": "2021-01-28T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this vulnerability is to availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3121", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3121" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121" }, { "category": "external", "summary": "CVE-2021-3121", "url": "https://access.redhat.com/security/cve/CVE-2021-3121" }, { "category": "external", "summary": "bz#1921650: CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650" } ], "release_date": "2021-01-11T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:2438" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-01-28T00:00:00Z", "details": "Important" } ], "title": "CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation" }, { "acknowledgments": [ { "names": [ "Casey Callendrello" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2021-20206", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-01-22T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "An improper limitation of path name flaw was found in containernetworking/cni. When specifying the plugin to load in the `type` field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as `reboot`. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "containernetworking-cni: Arbitrary path injection via type field in CNI configuration", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-20206", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20206" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20206", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20206" }, { "category": "external", "summary": "CVE-2021-20206", "url": "https://access.redhat.com/security/cve/CVE-2021-20206" }, { "category": "external", "summary": "bz#1919391: CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391" } ], "release_date": "2021-02-05T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:2438" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-01-22T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration" }, { "acknowledgments": [ { "names": [ "Aviv Sasson" ], "organization": "Palo Alto Networks" } ], "cve": "CVE-2021-20291", "cwe": { "id": "CWE-667", "name": "Improper Locking" }, "discovery_date": "2021-03-12T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1939485" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A deadlock vulnerability was found in `github.com/containers/storage`. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS).", "title": "Vulnerability description" }, { "category": "summary", "text": "containers/storage: DoS via malicious image", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-20291", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20291" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20291", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20291" }, { "category": "external", "summary": "https://unit42.paloaltonetworks.com/cve-2021-20291/", "url": "https://unit42.paloaltonetworks.com/cve-2021-20291/" }, { "category": "external", "summary": "CVE-2021-20291", "url": "https://access.redhat.com/security/cve/CVE-2021-20291" }, { "category": "external", "summary": "bz#1939485: CVE-2021-20291 containers/storage: DoS via malicious image", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939485" } ], "release_date": "2021-04-01T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:2438" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-03-12T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-20291 containers/storage: DoS via malicious image" }, { "cve": "CVE-2021-22133", "cwe": { "id": "CWE-532", "name": "Insertion of Sensitive Information into Log File" }, "discovery_date": "2021-03-24T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1942553" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in the Elastic APM agent for Go in several versions, where it can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application panic, it is possible the headers will not be sanitized before being sent. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "go.elastic.co/apm: leaks sensitive HTTP headers during panic", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-22133", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22133" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-22133", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22133" }, { "category": "external", "summary": "https://discuss.elastic.co/t/elastic-apm-agent-for-go-1-11-0-security-update/263252", "url": "https://discuss.elastic.co/t/elastic-apm-agent-for-go-1-11-0-security-update/263252" }, { "category": "external", "summary": "CVE-2021-22133", "url": "https://access.redhat.com/security/cve/CVE-2021-22133" }, { "category": "external", "summary": "bz#1942553: CVE-2021-22133 go.elastic.co/apm: leaks sensitive HTTP headers during panic", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942553" } ], "release_date": "2021-02-04T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:2438" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-03-24T00:00:00Z", "details": "Low" } ], "title": "CVE-2021-22133 go.elastic.co/apm: leaks sensitive HTTP headers during panic" }, { "cve": "CVE-2021-23337", "cwe": { "id": "CWE-78", "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)" }, "discovery_date": "2021-02-15T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1928937" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in nodejs-lodash. A command injection flaw is possible through template variables.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-lodash: command injection via template", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23337", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23337" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23337", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23337" }, { "category": "external", "summary": "https://snyk.io/vuln/SNYK-JS-LODASH-1040724", "url": "https://snyk.io/vuln/SNYK-JS-LODASH-1040724" }, { "category": "external", "summary": "CVE-2021-23337", "url": "https://access.redhat.com/security/cve/CVE-2021-23337" }, { "category": "external", "summary": "bz#1928937: CVE-2021-23337 nodejs-lodash: command injection via template", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928937" } ], "release_date": "2021-02-15T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:2438" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-02-15T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-23337 nodejs-lodash: command injection via template" }, { "cve": "CVE-2021-23362", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-03-25T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1943208" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A regular expression denial of service vulnerability was found in hosted-git-info. If an application allows user input into the affected regular expression (regexp) function, `shortcutMatch` or `fromUrl`, then an attacker could craft a regexp which takes an ever increasing amount of time to process, potentially resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23362", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23362" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23362", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23362" }, { "category": "external", "summary": "CVE-2021-23362", "url": "https://access.redhat.com/security/cve/CVE-2021-23362" }, { "category": "external", "summary": "bz#1943208: CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943208" } ], "release_date": "2021-03-23T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:2438" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-03-25T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()" }, { "cve": "CVE-2021-23368", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-04-12T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1948763" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A regular expression denial of service (ReDoS) vulnerability was found in the npm library `postcss`. When parsing a supplied CSS string, if it contains an unexpected value then as the supplied CSS grows in length it will take an ever increasing amount of time to process. An attacker can use this vulnerability to potentially craft a malicious a long CSS value to process resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-postcss: Regular expression denial of service during source map parsing", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23368", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23368" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23368", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23368" }, { "category": "external", "summary": "CVE-2021-23368", "url": "https://access.redhat.com/security/cve/CVE-2021-23368" }, { "category": "external", "summary": "bz#1948763: CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948763" } ], "release_date": "2021-04-12T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:2438" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-04-12T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing" }, { "cve": "CVE-2021-23382", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-04-26T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1954150" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A regular expression denial of service (ReDoS) vulnerability was found in the npm library `postcss` when using getAnnotationURL() or loadAnnotation() options in lib/previous-map.js. An attacker can use this vulnerability to potentially craft a malicious CSS to process resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23382", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23382" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23382", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23382" }, { "category": "external", "summary": "https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640", "url": "https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640" }, { "category": "external", "summary": "CVE-2021-23382", "url": "https://access.redhat.com/security/cve/CVE-2021-23382" }, { "category": "external", "summary": "bz#1954150: CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954150" } ], "release_date": "2021-04-26T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:2438" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-04-26T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js" }, { "cve": "CVE-2021-26539", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-02-08T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1932362" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the \"allowedIframeHostnames\" option.", "title": "Vulnerability description" }, { "category": "summary", "text": "sanitize-html: improper handling of internationalized domain name (IDN) can lead to bypass hostname whitelist validation", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-26539", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26539" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-26539", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26539" }, { "category": "external", "summary": "CVE-2021-26539", "url": "https://access.redhat.com/security/cve/CVE-2021-26539" }, { "category": "external", "summary": "bz#1932362: CVE-2021-26539 sanitize-html: improper handling of internationalized domain name (IDN) can lead to bypass hostname whitelist validation", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932362" } ], "release_date": "2021-01-22T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:2438" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-02-08T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-26539 sanitize-html: improper handling of internationalized domain name (IDN) can lead to bypass hostname whitelist validation" }, { "cve": "CVE-2021-26540", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-02-08T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1932323" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the \"allowedIframeHostnames\" option when the \"allowIframeRelativeUrls\" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with \"/\\\\example.com\".", "title": "Vulnerability description" }, { "category": "summary", "text": "sanitize-html: improper validation of hostnames set by the \"allowedIframeHostnames\" option can lead to bypass hostname whitelist for iframe element", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-26540", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26540" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-26540", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26540" }, { "category": "external", "summary": "CVE-2021-26540", "url": "https://access.redhat.com/security/cve/CVE-2021-26540" }, { "category": "external", "summary": "bz#1932323: CVE-2021-26540 sanitize-html: improper validation of hostnames set by the \"allowedIframeHostnames\" option can lead to bypass hostname whitelist for iframe element", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932323" } ], "release_date": "2021-01-26T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:2438" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-02-08T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-26540 sanitize-html: improper validation of hostnames set by the \"allowedIframeHostnames\" option can lead to bypass hostname whitelist for iframe element" }, { "cve": "CVE-2021-27292", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-03-17T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1940613" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A regular expression denial of service (ReDoS) vulnerability was found in the npm library `ua-parser-js`. If a supplied user agent matches the `Noble` string and contains many spaces then the regex will conduct backtracking, taking an ever increasing amount of time depending on the number of spaces supplied. An attacker can use this vulnerability to potentially craft a malicious user agent resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-ua-parser-js: ReDoS via malicious User-Agent header", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-27292", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27292" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27292", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27292" }, { "category": "external", "summary": "https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76", "url": "https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76" }, { "category": "external", "summary": "CVE-2021-27292", "url": "https://access.redhat.com/security/cve/CVE-2021-27292" }, { "category": "external", "summary": "bz#1940613: CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940613" } ], "release_date": "2021-02-11T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:2438" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-03-17T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header" }, { "cve": "CVE-2021-28092", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-03-12T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1939103" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in is-svg package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service (ReDoS).\r\nThe highest threat from this vulnerability is to availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-is-svg: ReDoS via malicious string", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-28092", "url": "https://www.cve.org/CVERecord?id=CVE-2021-28092" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28092", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28092" }, { "category": "external", "summary": "CVE-2021-28092", "url": "https://access.redhat.com/security/cve/CVE-2021-28092" }, { "category": "external", "summary": "bz#1939103: CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939103" } ], "release_date": "2021-03-11T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:2438" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-03-12T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string" }, { "cve": "CVE-2021-29059", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-06-22T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1974839" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in IS-SVG where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-is-svg: Regular expression denial of service if the application is provided and checks a crafted invalid SVG string", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-29059", "url": "https://www.cve.org/CVERecord?id=CVE-2021-29059" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29059", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29059" }, { "category": "external", "summary": "CVE-2021-29059", "url": "https://access.redhat.com/security/cve/CVE-2021-29059" }, { "category": "external", "summary": "bz#1974839: CVE-2021-29059 nodejs-is-svg: Regular expression denial of service if the application is provided and checks a crafted invalid SVG string", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974839" } ], "release_date": "2021-06-21T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:2438" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-06-22T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-29059 nodejs-is-svg: Regular expression denial of service if the application is provided and checks a crafted invalid SVG string" }, { "cve": "CVE-2021-29622", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2021-05-19T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1962718" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "An open redirect vulnerability was found in Prometheus. By specially crafted URL and a /new endpoint, an attacker can redirect user to any other URL.", "title": "Vulnerability description" }, { "category": "summary", "text": "prometheus: open redirect under the /new endpoint", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-29622", "url": "https://www.cve.org/CVERecord?id=CVE-2021-29622" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29622", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29622" }, { "category": "external", "summary": "CVE-2021-29622", "url": "https://access.redhat.com/security/cve/CVE-2021-29622" }, { "category": "external", "summary": "bz#1962718: CVE-2021-29622 prometheus: open redirect under the /new endpoint", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962718" } ], "release_date": "2021-05-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:2438" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-05-19T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-29622 prometheus: open redirect under the /new endpoint" }, { "cve": "CVE-2021-33194", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2021-05-20T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1963232" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in golang. An attacker can craft an input to ParseFragment within parse.go that would cause it to enter an infinite loop and never return. The greatest threat to the system is of availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: x/net/html: infinite loop in ParseFragment", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream", "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream", "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream", "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream", "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33194", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33194" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33194", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33194" }, { "category": "external", "summary": "https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ", "url": "https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ" }, { "category": "external", "summary": "CVE-2021-33194", "url": "https://access.redhat.com/security/cve/CVE-2021-33194" }, { "category": "external", "summary": "bz#1963232: CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1963232" } ], "release_date": "2021-05-20T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:2438" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-05-20T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment" } ] }
rhsa-2021_1005
Vulnerability from csaf_redhat
Published
2021-04-05 13:54
Modified
2021-04-05 13:54
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.7.5 security and bug fix update
Notes
Topic
Red Hat OpenShift Container Platform release 4.7.5 is now available with
updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container
Platform 4.7.5. See the following advisory for the RPM packages for
this release:
https://access.redhat.com/errata/RHSA-2021:1006
All OpenShift Container Platform 4.7 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor
Security Fix(es):
* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
* containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
This update also fixes several bugs. Documentation for these changes is available from the Release Notes document linked to in the References section.
You may download the oc tool and use it to inspect release image metadata
as follows:
(For x86_64 architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.6.20-x86_64
The image digest is
sha256:0a4c44daf1666f069258aa983a66afa2f3998b78ced79faa6174e0a0f438f0a5
(For s390x architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.6.20-s390x
The image digest is
sha256:3fc802aafb72402768bbf1b19ce7c6de95256e5cc50799390e63f40d96cec3cd
(For ppc64le architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.6.20-ppc64le
The image digest is
sha256:5cf6b61198337cd0950e63296be4e48e991721ac17c625f7fd77cf557f08efc7
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 2023 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.7.5 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.7.5. See the following advisory for the RPM packages for\nthis release:\n\nhttps://access.redhat.com/errata/RHSA-2021:1006\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nThis update also fixes several bugs. Documentation for these changes is available from the Release Notes document linked to in the References section.\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.6.20-x86_64\n\nThe image digest is\nsha256:0a4c44daf1666f069258aa983a66afa2f3998b78ced79faa6174e0a0f438f0a5\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.6.20-s390x\n\nThe image digest is\nsha256:3fc802aafb72402768bbf1b19ce7c6de95256e5cc50799390e63f40d96cec3cd\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.6.20-ppc64le\n\nThe image digest is\nsha256:5cf6b61198337cd0950e63296be4e48e991721ac17c625f7fd77cf557f08efc7", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:1005", "url": "https://access.redhat.com/errata/RHSA-2021:1005" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_1005.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.7.5 security and bug fix update", "tracking": { "current_release_date": "2021-04-05T13:54:00Z", "generator": { "date": "2023-07-01T04:42:00Z", "engine": { "name": "Red Hat SDEngine", "version": "3.18.0" } }, "id": "RHSA-2021:1005", "initial_release_date": "2021-04-05T13:54:00Z", "revision_history": [ { "date": "2021-04-05T13:54:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.7", "product": { "name": "Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.7::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "category": "product_version", "name": "openshift4/egress-router-cni-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/egress-router-cni-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/egress-router-cni-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-aws-machine-controllers:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-aws-machine-controllers:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-aws-machine-controllers:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-azure-machine-controllers:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-azure-machine-controllers:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-azure-machine-controllers:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-baremetal-installer-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-baremetal-installer-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-baremetal-installer-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-baremetal-machine-controllers:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-baremetal-machine-controllers:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-baremetal-machine-controllers:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-baremetal-rhel8-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-baremetal-rhel8-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-baremetal-rhel8-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-cli-artifacts:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-cli-artifacts:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-cli-artifacts:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-cli:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-cli:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-cli:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-cloud-credential-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-cloud-credential-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-cloud-credential-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-authentication-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-cluster-authentication-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-cluster-authentication-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-autoscaler-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-cluster-autoscaler-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-cluster-autoscaler-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-autoscaler:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-cluster-autoscaler:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-cluster-autoscaler:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-bootstrap:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-cluster-bootstrap:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-cluster-bootstrap:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-config-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-cluster-config-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-cluster-config-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-dns-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-cluster-dns-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-cluster-dns-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-etcd-rhel8-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-cluster-etcd-rhel8-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-cluster-etcd-rhel8-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-image-registry-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-cluster-image-registry-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-cluster-image-registry-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-ingress-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-cluster-ingress-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-cluster-ingress-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-apiserver-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-cluster-kube-apiserver-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-cluster-kube-apiserver-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-controller-manager-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-cluster-kube-controller-manager-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-cluster-kube-controller-manager-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-scheduler-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-cluster-kube-scheduler-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-cluster-kube-scheduler-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-machine-approver:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-cluster-machine-approver:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-cluster-machine-approver:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-monitoring-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-cluster-monitoring-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-cluster-monitoring-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-network-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-cluster-network-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-cluster-network-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-node-tuning-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-cluster-node-tuning-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-cluster-node-tuning-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-openshift-apiserver-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-cluster-openshift-apiserver-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-cluster-openshift-apiserver-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-policy-controller-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-cluster-policy-controller-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-cluster-policy-controller-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-samples-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-cluster-samples-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-cluster-samples-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-storage-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-cluster-storage-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-cluster-storage-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-update-keys:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-cluster-update-keys:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-cluster-update-keys:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-version-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-cluster-version-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-cluster-version-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-configmap-reloader:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-configmap-reloader:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-configmap-reloader:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-console-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-console-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-console-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-console:v4.7.0-202103261426.p0", "product": { "name": "openshift4/ose-console:v4.7.0-202103261426.p0", "product_id": "openshift4/ose-console:v4.7.0-202103261426.p0" } }, { "category": "product_version", "name": "openshift4/ose-container-networking-plugins-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-container-networking-plugins-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-container-networking-plugins-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-coredns:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-coredns:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-coredns:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-csi-driver-manila-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-csi-driver-manila-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-csi-driver-manila-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-csi-driver-nfs-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-csi-driver-nfs-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-csi-driver-nfs-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-attacher-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-csi-external-attacher-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-csi-external-attacher-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-attacher:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-csi-external-attacher:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-csi-external-attacher:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-provisioner-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-csi-external-provisioner-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-csi-external-provisioner-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-provisioner:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-csi-external-provisioner:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-csi-external-provisioner:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-resizer-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-csi-external-resizer-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-csi-external-resizer-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-resizer:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-csi-external-resizer:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-csi-external-resizer:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-snapshotter-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-csi-external-snapshotter-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-csi-external-snapshotter-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-snapshotter:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-csi-external-snapshotter:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-csi-external-snapshotter:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-csi-livenessprobe-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-csi-livenessprobe-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-csi-livenessprobe-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-csi-livenessprobe:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-csi-livenessprobe:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-csi-livenessprobe:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-csi-node-driver-registrar-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-csi-node-driver-registrar-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-csi-node-driver-registrar-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-csi-node-driver-registrar:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-csi-node-driver-registrar:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-csi-node-driver-registrar:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-csi-snapshot-controller-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-csi-snapshot-controller-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-csi-snapshot-controller-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-csi-snapshot-controller:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-csi-snapshot-controller:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-csi-snapshot-controller:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-deployer:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-deployer:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-deployer:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-docker-builder:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-docker-builder:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-docker-builder:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-docker-registry:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-docker-registry:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-docker-registry:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-etcd:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-etcd:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-etcd:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-gcp-machine-controllers-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-gcp-machine-controllers-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-gcp-machine-controllers-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-grafana:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-grafana:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-grafana:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-haproxy-router:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-haproxy-router:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-haproxy-router:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-hello-openshift-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-hello-openshift-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-hello-openshift-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-hyperkube:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-hyperkube:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-hyperkube:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-insights-rhel8-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-insights-rhel8-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-insights-rhel8-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-installer-artifacts:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-installer-artifacts:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-installer-artifacts:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-installer:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-installer:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-installer:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-ironic-inspector-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-ironic-inspector-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-ironic-inspector-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-ironic-ipa-downloader-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-ironic-ipa-downloader-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-ironic-ipa-downloader-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-ironic-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-ironic-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-ironic-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-jenkins-agent-base:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-jenkins-agent-base:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-jenkins-agent-base:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-jenkins-agent-maven:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-jenkins-agent-maven:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-jenkins-agent-maven:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-jenkins:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-jenkins:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-jenkins:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-k8s-prometheus-adapter:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-k8s-prometheus-adapter:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-k8s-prometheus-adapter:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-keepalived-ipfailover:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-keepalived-ipfailover:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-keepalived-ipfailover:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-kube-proxy:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-kube-proxy:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-kube-proxy:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-kube-rbac-proxy:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-kube-rbac-proxy:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-kube-rbac-proxy:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-kube-state-metrics:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-kube-state-metrics:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-kube-state-metrics:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-kuryr-cni-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-kuryr-cni-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-kuryr-cni-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-kuryr-controller-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-kuryr-controller-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-kuryr-controller-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-libvirt-machine-controllers:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-libvirt-machine-controllers:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-libvirt-machine-controllers:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-machine-api-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-machine-api-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-machine-api-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-machine-config-operator:v4.7.0-202103302336.p0", "product": { "name": "openshift4/ose-machine-config-operator:v4.7.0-202103302336.p0", "product_id": "openshift4/ose-machine-config-operator:v4.7.0-202103302336.p0" } }, { "category": "product_version", "name": "openshift4/ose-mdns-publisher-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-mdns-publisher-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-mdns-publisher-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-multus-admission-controller:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-multus-admission-controller:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-multus-admission-controller:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-multus-cni:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-multus-cni:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-multus-cni:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-multus-networkpolicy-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-multus-networkpolicy-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-multus-networkpolicy-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-multus-route-override-cni-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-multus-route-override-cni-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-multus-route-override-cni-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-must-gather:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-must-gather:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-must-gather:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-network-metrics-daemon-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-network-metrics-daemon-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-network-metrics-daemon-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-oauth-apiserver-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-oauth-apiserver-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-oauth-apiserver-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-oauth-proxy:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-oauth-proxy:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-oauth-proxy:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-oauth-server-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-oauth-server-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-oauth-server-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-openshift-apiserver-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-openshift-apiserver-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-openshift-apiserver-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-openshift-controller-manager-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-openshift-controller-manager-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-openshift-controller-manager-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-openshift-state-metrics-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-openshift-state-metrics-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-openshift-state-metrics-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-openstack-machine-controllers:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-openstack-machine-controllers:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-openstack-machine-controllers:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-operator-lifecycle-manager:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-operator-lifecycle-manager:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-operator-lifecycle-manager:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-operator-marketplace:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-operator-marketplace:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-operator-marketplace:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-operator-registry:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-operator-registry:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-operator-registry:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-ovn-kubernetes:v4.7.0-202103270649.p0", "product": { "name": "openshift4/ose-ovn-kubernetes:v4.7.0-202103270649.p0", "product_id": "openshift4/ose-ovn-kubernetes:v4.7.0-202103270649.p0" } }, { "category": "product_version", "name": "openshift4/ose-pod:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-pod:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-pod:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-prom-label-proxy:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-prom-label-proxy:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-prom-label-proxy:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-prometheus-alertmanager:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-prometheus-alertmanager:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-prometheus-alertmanager:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-prometheus-config-reloader:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-prometheus-config-reloader:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-prometheus-config-reloader:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-prometheus-node-exporter:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-prometheus-node-exporter:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-prometheus-node-exporter:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-prometheus-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-prometheus-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-prometheus-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-prometheus:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-prometheus:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-prometheus:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-sdn-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-sdn-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-sdn-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-service-ca-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-service-ca-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-service-ca-operator:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-telemeter:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-telemeter:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-telemeter:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-tests:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-tests:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-tests:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-thanos-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-thanos-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-thanos-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-tools-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-tools-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-tools-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ose-vsphere-problem-detector-rhel8:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ose-vsphere-problem-detector-rhel8:v4.7.0-202103270130.p0", "product_id": "openshift4/ose-vsphere-problem-detector-rhel8:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ovirt-csi-driver-rhel7:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ovirt-csi-driver-rhel7:v4.7.0-202103270130.p0", "product_id": "openshift4/ovirt-csi-driver-rhel7:v4.7.0-202103270130.p0" } }, { "category": "product_version", "name": "openshift4/ovirt-csi-driver-rhel8-operator:v4.7.0-202103270130.p0", "product": { "name": "openshift4/ovirt-csi-driver-rhel8-operator:v4.7.0-202103270130.p0", "product_id": "openshift4/ovirt-csi-driver-rhel8-operator:v4.7.0-202103270130.p0" } } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift4/egress-router-cni-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/egress-router-cni-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/egress-router-cni-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-aws-machine-controllers:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-aws-machine-controllers:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-aws-machine-controllers:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-azure-machine-controllers:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-azure-machine-controllers:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-azure-machine-controllers:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-baremetal-installer-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-baremetal-installer-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-baremetal-installer-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-baremetal-machine-controllers:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-baremetal-machine-controllers:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-baremetal-machine-controllers:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-baremetal-rhel8-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-baremetal-rhel8-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-baremetal-rhel8-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-baremetal-runtimecfg-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cli-artifacts:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cli-artifacts:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-cli-artifacts:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cli:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cli:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-cli:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cloud-credential-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cloud-credential-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-cloud-credential-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-authentication-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-authentication-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-cluster-authentication-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-autoscaler-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-autoscaler-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-cluster-autoscaler-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-autoscaler:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-autoscaler:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-cluster-autoscaler:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-baremetal-operator-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-bootstrap:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-bootstrap:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-cluster-bootstrap:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-config-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-config-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-cluster-config-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-dns-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-dns-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-cluster-dns-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-etcd-rhel8-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-etcd-rhel8-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-cluster-etcd-rhel8-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-image-registry-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-image-registry-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-cluster-image-registry-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-ingress-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-ingress-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-cluster-ingress-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-apiserver-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-apiserver-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-cluster-kube-apiserver-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-controller-manager-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-controller-manager-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-cluster-kube-controller-manager-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-scheduler-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-scheduler-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-cluster-kube-scheduler-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-machine-approver:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-machine-approver:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-cluster-machine-approver:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-monitoring-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-monitoring-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-cluster-monitoring-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-network-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-network-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-cluster-network-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-node-tuning-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-node-tuning-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-cluster-node-tuning-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-openshift-apiserver-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-openshift-apiserver-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-cluster-openshift-apiserver-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-openshift-controller-manager-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-policy-controller-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-policy-controller-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-cluster-policy-controller-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-samples-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-samples-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-cluster-samples-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-storage-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-storage-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-cluster-storage-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-update-keys:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-update-keys:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-cluster-update-keys:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-version-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-version-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-cluster-version-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-configmap-reloader:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-configmap-reloader:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-configmap-reloader:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-console-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-console-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-console-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-console:v4.7.0-202103261426.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-console:v4.7.0-202103261426.p0" }, "product_reference": "openshift4/ose-console:v4.7.0-202103261426.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-container-networking-plugins-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-container-networking-plugins-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-container-networking-plugins-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-coredns:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-coredns:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-coredns:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-driver-manila-rhel8-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-driver-manila-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-driver-manila-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-csi-driver-manila-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-driver-nfs-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-driver-nfs-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-csi-driver-nfs-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-attacher-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-external-attacher-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-csi-external-attacher-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-attacher:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-external-attacher:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-csi-external-attacher:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-provisioner-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-external-provisioner-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-csi-external-provisioner-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-provisioner:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-external-provisioner:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-csi-external-provisioner:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-resizer-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-external-resizer-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-csi-external-resizer-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-resizer:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-external-resizer:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-csi-external-resizer:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-snapshotter-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-external-snapshotter-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-csi-external-snapshotter-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-snapshotter:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-external-snapshotter:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-csi-external-snapshotter:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-livenessprobe-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-livenessprobe-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-csi-livenessprobe-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-livenessprobe:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-livenessprobe:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-csi-livenessprobe:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-node-driver-registrar-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-node-driver-registrar-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-csi-node-driver-registrar-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-node-driver-registrar:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-node-driver-registrar:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-csi-node-driver-registrar:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-snapshot-controller-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-snapshot-controller-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-csi-snapshot-controller-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-snapshot-controller:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-snapshot-controller:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-csi-snapshot-controller:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-deployer:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-deployer:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-deployer:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-docker-builder:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-docker-builder:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-docker-builder:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-docker-registry:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-docker-registry:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-docker-registry:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-etcd:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-etcd:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-etcd:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-gcp-machine-controllers-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-gcp-machine-controllers-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-gcp-machine-controllers-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-grafana:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-grafana:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-grafana:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-haproxy-router:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-haproxy-router:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-haproxy-router:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-hello-openshift-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-hello-openshift-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-hello-openshift-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-hyperkube:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-hyperkube:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-hyperkube:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-insights-rhel8-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-insights-rhel8-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-insights-rhel8-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-installer-artifacts:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-installer-artifacts:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-installer-artifacts:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-installer:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-installer:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-installer:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-inspector-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-ironic-inspector-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-ironic-inspector-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-ipa-downloader-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-ironic-ipa-downloader-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-ironic-ipa-downloader-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-ironic-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-ironic-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-ironic-static-ip-manager-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins-agent-base:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-base:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-jenkins-agent-base:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins-agent-maven:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-maven:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-jenkins-agent-maven:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-jenkins:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-jenkins:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-k8s-prometheus-adapter:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-k8s-prometheus-adapter:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-k8s-prometheus-adapter:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-keepalived-ipfailover:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-keepalived-ipfailover:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-keepalived-ipfailover:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kube-proxy:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-kube-proxy:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-kube-proxy:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kube-rbac-proxy:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-kube-rbac-proxy:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-kube-rbac-proxy:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kube-state-metrics:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-kube-state-metrics:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-kube-state-metrics:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-kube-storage-version-migrator-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kuryr-cni-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-kuryr-cni-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-kuryr-cni-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kuryr-controller-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-kuryr-controller-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-kuryr-controller-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-libvirt-machine-controllers:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-libvirt-machine-controllers:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-libvirt-machine-controllers:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-machine-api-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-machine-api-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-machine-api-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-machine-config-operator:v4.7.0-202103302336.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-machine-config-operator:v4.7.0-202103302336.p0" }, "product_reference": "openshift4/ose-machine-config-operator:v4.7.0-202103302336.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-mdns-publisher-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-mdns-publisher-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-mdns-publisher-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-admission-controller:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-multus-admission-controller:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-multus-admission-controller:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-cni:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-multus-cni:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-multus-cni:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-networkpolicy-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-multus-networkpolicy-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-multus-networkpolicy-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-route-override-cni-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-multus-route-override-cni-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-multus-route-override-cni-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-must-gather:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-must-gather:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-must-gather:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-network-metrics-daemon-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-network-metrics-daemon-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-network-metrics-daemon-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-oauth-apiserver-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-oauth-apiserver-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-oauth-apiserver-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-oauth-proxy:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-oauth-proxy:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-oauth-proxy:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-oauth-server-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-oauth-server-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-oauth-server-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openshift-apiserver-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-openshift-apiserver-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-openshift-apiserver-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openshift-controller-manager-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-openshift-controller-manager-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-openshift-controller-manager-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openshift-state-metrics-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-openshift-state-metrics-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-openshift-state-metrics-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openstack-machine-controllers:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-openstack-machine-controllers:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-openstack-machine-controllers:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-operator-lifecycle-manager:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-operator-lifecycle-manager:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-operator-lifecycle-manager:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-operator-marketplace:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-operator-marketplace:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-operator-marketplace:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-operator-registry:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-operator-registry:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-operator-registry:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-ovirt-machine-controllers-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ovn-kubernetes:v4.7.0-202103270649.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-ovn-kubernetes:v4.7.0-202103270649.p0" }, "product_reference": "openshift4/ose-ovn-kubernetes:v4.7.0-202103270649.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-pod:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-pod:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-pod:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prom-label-proxy:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-prom-label-proxy:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-prom-label-proxy:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prometheus-alertmanager:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-prometheus-alertmanager:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-prometheus-alertmanager:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prometheus-config-reloader:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-prometheus-config-reloader:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-prometheus-config-reloader:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prometheus-node-exporter:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-prometheus-node-exporter:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-prometheus-node-exporter:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prometheus-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-prometheus-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-prometheus-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prometheus:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-prometheus:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-prometheus:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sdn-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-sdn-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-sdn-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-service-ca-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-service-ca-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-service-ca-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-telemeter:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-telemeter:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-telemeter:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-tests:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-tests:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-tests:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-thanos-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-thanos-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-thanos-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-tools-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-tools-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-tools-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vsphere-problem-detector-rhel8:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-vsphere-problem-detector-rhel8:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ose-vsphere-problem-detector-rhel8:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ovirt-csi-driver-rhel7:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ovirt-csi-driver-rhel7:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ovirt-csi-driver-rhel7:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ovirt-csi-driver-rhel8-operator:v4.7.0-202103270130.p0 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ovirt-csi-driver-rhel8-operator:v4.7.0-202103270130.p0" }, "product_reference": "openshift4/ovirt-csi-driver-rhel8-operator:v4.7.0-202103270130.p0", "relates_to_product_reference": "8Base-RHOSE-4.7" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-3121", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "discovery_date": "2021-01-28T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.7:openshift4/egress-router-cni-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-aws-machine-controllers:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-azure-machine-controllers:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-baremetal-installer-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-baremetal-machine-controllers:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-baremetal-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-baremetal-runtimecfg-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cli-artifacts:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cli:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cloud-credential-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-authentication-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-autoscaler-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-autoscaler:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-baremetal-operator-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-bootstrap:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-config-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-dns-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-etcd-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-image-registry-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-ingress-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-apiserver-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-machine-approver:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-monitoring-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-network-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-node-tuning-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-openshift-apiserver-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-openshift-controller-manager-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-samples-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-storage-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-update-keys:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-version-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-configmap-reloader:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-console-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-console:v4.7.0-202103261426.p0", "8Base-RHOSE-4.7:openshift4/ose-container-networking-plugins-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-coredns:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-driver-manila-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-driver-manila-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-driver-nfs-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-external-attacher-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-external-attacher:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-external-provisioner-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-external-provisioner:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-external-resizer-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-external-resizer:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-external-snapshotter-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-external-snapshotter:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-livenessprobe-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-livenessprobe:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-node-driver-registrar-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-node-driver-registrar:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-snapshot-controller-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-snapshot-controller:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-deployer:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-docker-builder:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-docker-registry:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-etcd:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-gcp-machine-controllers-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-grafana:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-haproxy-router:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-hello-openshift-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-hyperkube:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-insights-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-installer-artifacts:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-installer:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ironic-inspector-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ironic-ipa-downloader-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ironic-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ironic-static-ip-manager-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-base:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-maven:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-jenkins:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-k8s-prometheus-adapter:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-keepalived-ipfailover:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-kube-proxy:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-kube-rbac-proxy:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-kube-state-metrics:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-kube-storage-version-migrator-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-kuryr-cni-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-kuryr-controller-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-libvirt-machine-controllers:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-machine-api-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-machine-config-operator:v4.7.0-202103302336.p0", "8Base-RHOSE-4.7:openshift4/ose-mdns-publisher-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-multus-admission-controller:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-multus-cni:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-multus-networkpolicy-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-multus-route-override-cni-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-must-gather:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-network-metrics-daemon-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-oauth-apiserver-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-oauth-proxy:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-oauth-server-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-openshift-apiserver-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-openshift-controller-manager-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-openshift-state-metrics-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-openstack-machine-controllers:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-operator-lifecycle-manager:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-operator-marketplace:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-operator-registry:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ovirt-machine-controllers-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ovn-kubernetes:v4.7.0-202103270649.p0", "8Base-RHOSE-4.7:openshift4/ose-pod:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-prom-label-proxy:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-prometheus-alertmanager:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-prometheus-config-reloader:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-prometheus-node-exporter:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-prometheus-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-prometheus:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sdn-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-service-ca-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-telemeter:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-tests:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-thanos-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-tools-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-vsphere-problem-detector-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ovirt-csi-driver-rhel7:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ovirt-csi-driver-rhel8-operator:v4.7.0-202103270130.p0" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this vulnerability is to availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-controller-manager-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-scheduler-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-policy-controller-rhel8:v4.7.0-202103270130.p0" ], "known_not_affected": [ "8Base-RHOSE-4.7:openshift4/egress-router-cni-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-aws-machine-controllers:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-azure-machine-controllers:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-baremetal-installer-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-baremetal-machine-controllers:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-baremetal-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-baremetal-runtimecfg-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cli-artifacts:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cli:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cloud-credential-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-authentication-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-autoscaler-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-autoscaler:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-baremetal-operator-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-bootstrap:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-config-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-dns-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-etcd-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-image-registry-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-ingress-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-apiserver-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-machine-approver:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-monitoring-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-network-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-node-tuning-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-openshift-apiserver-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-openshift-controller-manager-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-samples-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-storage-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-update-keys:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-version-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-configmap-reloader:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-console-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-console:v4.7.0-202103261426.p0", "8Base-RHOSE-4.7:openshift4/ose-container-networking-plugins-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-coredns:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-driver-manila-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-driver-manila-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-driver-nfs-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-external-attacher-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-external-attacher:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-external-provisioner-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-external-provisioner:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-external-resizer-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-external-resizer:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-external-snapshotter-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-external-snapshotter:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-livenessprobe-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-livenessprobe:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-node-driver-registrar-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-node-driver-registrar:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-snapshot-controller-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-snapshot-controller:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-deployer:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-docker-builder:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-docker-registry:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-etcd:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-gcp-machine-controllers-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-grafana:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-haproxy-router:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-hello-openshift-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-hyperkube:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-insights-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-installer-artifacts:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-installer:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ironic-inspector-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ironic-ipa-downloader-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ironic-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ironic-static-ip-manager-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-base:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-maven:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-jenkins:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-k8s-prometheus-adapter:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-keepalived-ipfailover:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-kube-proxy:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-kube-rbac-proxy:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-kube-state-metrics:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-kube-storage-version-migrator-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-kuryr-cni-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-kuryr-controller-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-libvirt-machine-controllers:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-machine-api-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-machine-config-operator:v4.7.0-202103302336.p0", "8Base-RHOSE-4.7:openshift4/ose-mdns-publisher-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-multus-admission-controller:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-multus-cni:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-multus-networkpolicy-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-multus-route-override-cni-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-must-gather:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-network-metrics-daemon-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-oauth-apiserver-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-oauth-proxy:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-oauth-server-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-openshift-apiserver-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-openshift-controller-manager-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-openshift-state-metrics-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-openstack-machine-controllers:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-operator-lifecycle-manager:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-operator-marketplace:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-operator-registry:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ovirt-machine-controllers-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ovn-kubernetes:v4.7.0-202103270649.p0", "8Base-RHOSE-4.7:openshift4/ose-pod:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-prom-label-proxy:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-prometheus-alertmanager:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-prometheus-config-reloader:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-prometheus-node-exporter:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-prometheus-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-prometheus:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sdn-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-service-ca-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-telemeter:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-tests:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-thanos-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-tools-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-vsphere-problem-detector-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ovirt-csi-driver-rhel7:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ovirt-csi-driver-rhel8-operator:v4.7.0-202103270130.p0" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3121", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3121" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121" }, { "category": "external", "summary": "CVE-2021-3121", "url": "https://access.redhat.com/security/cve/CVE-2021-3121" }, { "category": "external", "summary": "bz#1921650: CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650" } ], "release_date": "2021-01-11T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html.", "product_ids": [ "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-controller-manager-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-scheduler-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-policy-controller-rhel8:v4.7.0-202103270130.p0" ], "url": "https://access.redhat.com/errata/RHSA-2021:1005" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-controller-manager-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-scheduler-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-policy-controller-rhel8:v4.7.0-202103270130.p0" ] } ], "threats": [ { "category": "impact", "date": "2021-01-28T00:00:00Z", "details": "Important" } ], "title": "CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation" }, { "acknowledgments": [ { "names": [ "Casey Callendrello" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2021-20206", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-01-22T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.7:openshift4/egress-router-cni-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-aws-machine-controllers:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-azure-machine-controllers:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-baremetal-installer-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-baremetal-machine-controllers:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-baremetal-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-baremetal-runtimecfg-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cli-artifacts:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cli:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cloud-credential-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-authentication-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-autoscaler-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-autoscaler:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-baremetal-operator-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-bootstrap:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-config-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-dns-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-etcd-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-image-registry-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-ingress-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-apiserver-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-controller-manager-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-scheduler-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-machine-approver:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-monitoring-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-network-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-node-tuning-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-openshift-apiserver-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-openshift-controller-manager-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-policy-controller-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-samples-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-storage-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-update-keys:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-version-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-configmap-reloader:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-console-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-console:v4.7.0-202103261426.p0", "8Base-RHOSE-4.7:openshift4/ose-container-networking-plugins-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-coredns:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-driver-manila-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-driver-manila-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-driver-nfs-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-external-attacher-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-external-attacher:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-external-provisioner-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-external-provisioner:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-external-resizer-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-external-resizer:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-external-snapshotter-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-external-snapshotter:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-livenessprobe-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-livenessprobe:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-node-driver-registrar-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-node-driver-registrar:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-snapshot-controller-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-snapshot-controller:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-deployer:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-docker-registry:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-etcd:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-gcp-machine-controllers-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-grafana:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-haproxy-router:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-hello-openshift-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-hyperkube:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-insights-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-installer-artifacts:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-installer:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ironic-inspector-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ironic-ipa-downloader-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ironic-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ironic-static-ip-manager-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-base:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-maven:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-jenkins:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-k8s-prometheus-adapter:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-keepalived-ipfailover:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-kube-proxy:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-kube-rbac-proxy:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-kube-state-metrics:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-kube-storage-version-migrator-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-kuryr-cni-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-kuryr-controller-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-libvirt-machine-controllers:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-machine-api-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-machine-config-operator:v4.7.0-202103302336.p0", "8Base-RHOSE-4.7:openshift4/ose-mdns-publisher-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-multus-admission-controller:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-multus-cni:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-multus-networkpolicy-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-multus-route-override-cni-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-must-gather:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-network-metrics-daemon-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-oauth-apiserver-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-oauth-proxy:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-oauth-server-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-openshift-apiserver-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-openshift-controller-manager-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-openshift-state-metrics-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-openstack-machine-controllers:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-operator-lifecycle-manager:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-operator-marketplace:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-operator-registry:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ovirt-machine-controllers-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ovn-kubernetes:v4.7.0-202103270649.p0", "8Base-RHOSE-4.7:openshift4/ose-pod:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-prom-label-proxy:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-prometheus-alertmanager:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-prometheus-config-reloader:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-prometheus-node-exporter:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-prometheus-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-prometheus:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sdn-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-service-ca-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-telemeter:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-tests:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-thanos-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-tools-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-vsphere-problem-detector-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ovirt-csi-driver-rhel7:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ovirt-csi-driver-rhel8-operator:v4.7.0-202103270130.p0" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "An improper limitation of path name flaw was found in containernetworking/cni. When specifying the plugin to load in the `type` field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as `reboot`. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "containernetworking-cni: Arbitrary path injection via type field in CNI configuration", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:openshift4/ose-docker-builder:v4.7.0-202103270130.p0" ], "known_not_affected": [ "8Base-RHOSE-4.7:openshift4/egress-router-cni-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-aws-machine-controllers:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-azure-machine-controllers:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-baremetal-installer-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-baremetal-machine-controllers:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-baremetal-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-baremetal-runtimecfg-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cli-artifacts:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cli:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cloud-credential-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-authentication-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-autoscaler-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-autoscaler:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-baremetal-operator-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-bootstrap:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-config-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-dns-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-etcd-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-image-registry-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-ingress-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-apiserver-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-controller-manager-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-scheduler-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-machine-approver:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-monitoring-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-network-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-node-tuning-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-openshift-apiserver-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-openshift-controller-manager-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-policy-controller-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-samples-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-storage-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-update-keys:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-cluster-version-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-configmap-reloader:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-console-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-console:v4.7.0-202103261426.p0", "8Base-RHOSE-4.7:openshift4/ose-container-networking-plugins-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-coredns:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-driver-manila-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-driver-manila-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-driver-nfs-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-external-attacher-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-external-attacher:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-external-provisioner-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-external-provisioner:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-external-resizer-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-external-resizer:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-external-snapshotter-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-external-snapshotter:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-livenessprobe-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-livenessprobe:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-node-driver-registrar-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-node-driver-registrar:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-snapshot-controller-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-snapshot-controller:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-deployer:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-docker-registry:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-etcd:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-gcp-machine-controllers-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-grafana:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-haproxy-router:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-hello-openshift-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-hyperkube:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-insights-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-installer-artifacts:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-installer:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ironic-inspector-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ironic-ipa-downloader-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ironic-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ironic-static-ip-manager-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-base:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-maven:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-jenkins:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-k8s-prometheus-adapter:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-keepalived-ipfailover:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-kube-proxy:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-kube-rbac-proxy:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-kube-state-metrics:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-kube-storage-version-migrator-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-kuryr-cni-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-kuryr-controller-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-libvirt-machine-controllers:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-machine-api-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-machine-config-operator:v4.7.0-202103302336.p0", "8Base-RHOSE-4.7:openshift4/ose-mdns-publisher-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-multus-admission-controller:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-multus-cni:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-multus-networkpolicy-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-multus-route-override-cni-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-must-gather:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-network-metrics-daemon-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-oauth-apiserver-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-oauth-proxy:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-oauth-server-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-openshift-apiserver-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-openshift-controller-manager-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-openshift-state-metrics-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-openstack-machine-controllers:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-operator-lifecycle-manager:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-operator-marketplace:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-operator-registry:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ovirt-machine-controllers-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-ovn-kubernetes:v4.7.0-202103270649.p0", "8Base-RHOSE-4.7:openshift4/ose-pod:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-prom-label-proxy:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-prometheus-alertmanager:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-prometheus-config-reloader:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-prometheus-node-exporter:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-prometheus-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-prometheus:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-sdn-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-service-ca-operator:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-telemeter:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-tests:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-thanos-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-tools-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ose-vsphere-problem-detector-rhel8:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ovirt-csi-driver-rhel7:v4.7.0-202103270130.p0", "8Base-RHOSE-4.7:openshift4/ovirt-csi-driver-rhel8-operator:v4.7.0-202103270130.p0" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-20206", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20206" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20206", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20206" }, { "category": "external", "summary": "CVE-2021-20206", "url": "https://access.redhat.com/security/cve/CVE-2021-20206" }, { "category": "external", "summary": "bz#1919391: CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391" } ], "release_date": "2021-02-05T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html.", "product_ids": [ "8Base-RHOSE-4.7:openshift4/ose-docker-builder:v4.7.0-202103270130.p0" ], "url": "https://access.redhat.com/errata/RHSA-2021:1005" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:openshift4/ose-docker-builder:v4.7.0-202103270130.p0" ] } ], "threats": [ { "category": "impact", "date": "2021-01-22T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration" } ] }
ghsa-xjqr-g762-pxwp
Vulnerability from github
Published
2022-02-15 01:57
Modified
2023-10-02 13:12
Severity
Summary
containernetworking/cni improper limitation of path name
Details
An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Specific Go Packages Affected
github.com/containernetworking/cni/pkg/invoke
{ "affected": [ { "package": { "ecosystem": "Go", "name": "github.com/containernetworking/cni" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0.8.1" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2021-20206" ], "database_specific": { "cwe_ids": [ "CWE-20", "CWE-22" ], "github_reviewed": true, "github_reviewed_at": "2021-05-18T21:07:06Z", "nvd_published_at": "2021-03-26T22:15:00Z", "severity": "HIGH" }, "details": "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the \u0027type\u0027 field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as \u0027reboot\u0027. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.\n### Specific Go Packages Affected\ngithub.com/containernetworking/cni/pkg/invoke", "id": "GHSA-xjqr-g762-pxwp", "modified": "2023-10-02T13:12:28Z", "published": "2022-02-15T01:57:18Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20206" }, { "type": "WEB", "url": "https://github.com/containernetworking/cni/pull/808" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391" }, { "type": "PACKAGE", "url": "https://github.com/containernetworking/cni" }, { "type": "WEB", "url": "https://pkg.go.dev/vuln/GO-2022-0230" }, { "type": "WEB", "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ], "summary": "containernetworking/cni improper limitation of path name" }
gsd-2021-20206
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2021-20206", "description": "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the \u0027type\u0027 field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as \u0027reboot\u0027. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.", "id": "GSD-2021-20206", "references": [ "https://www.suse.com/security/cve/CVE-2021-20206.html", "https://access.redhat.com/errata/RHSA-2022:0492", "https://access.redhat.com/errata/RHSA-2021:3001", "https://access.redhat.com/errata/RHSA-2021:2438", "https://access.redhat.com/errata/RHSA-2021:1552", "https://access.redhat.com/errata/RHSA-2021:1007", "https://access.redhat.com/errata/RHSA-2021:1005", "https://access.redhat.com/errata/RHSA-2021:0799", "https://access.redhat.com/errata/RHSA-2022:1660" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2021-20206" ], "details": "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the \u0027type\u0027 field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as \u0027reboot\u0027. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.", "id": "GSD-2021-20206", "modified": "2023-12-13T01:23:12.464372Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-20206", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "containernetworking-cni", "version": { "version_data": [ { "version_value": "containernetworking/cni 0.8.1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the \u0027type\u0027 field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as \u0027reboot\u0027. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20-\u003eCWE-22" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391" }, { "name": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "\u003cv0.8.1", "affected_versions": "All versions before 0.8.1", "cvss_v2": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "cwe_ids": [ "CWE-1035", "CWE-20", "CWE-22", "CWE-937" ], "date": "2022-04-12", "description": "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the \u0027type\u0027 field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as \u0027reboot\u0027. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.", "fixed_versions": [ "v0.8.1" ], "identifier": "CVE-2021-20206", "identifiers": [ "GHSA-xjqr-g762-pxwp", "CVE-2021-20206" ], "not_impacted": "All versions starting from 0.8.1", "package_slug": "go/github.com/containernetworking/cni", "pubdate": "2022-02-15", "solution": "Upgrade to version 0.8.1 or above.", "title": "Improper Input Validation", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-20206", "https://github.com/containernetworking/cni/pull/808", "https://bugzilla.redhat.com/show_bug.cgi?id=1919391", "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549", "https://github.com/advisories/GHSA-xjqr-g762-pxwp" ], "uuid": "4dec30da-766e-4c53-8e00-64fa9f237212", "versions": [ { "commit": { "sha": "9fc34aee0a6396d6484992035819c92c42522eea", "tags": [ "v0.8.1" ], "timestamp": "20210202142012" }, "number": "v0.8.1" } ] }, { "affected_range": "\u003cv0.8.1", "affected_versions": "All versions before 0.8.1", "cvss_v2": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "cwe_ids": [ "CWE-1035", "CWE-20", "CWE-22", "CWE-937" ], "date": "2022-04-12", "description": "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the \u0027type\u0027 field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as \u0027reboot\u0027. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.", "fixed_versions": [ "v0.8.1" ], "identifier": "CVE-2021-20206", "identifiers": [ "GHSA-xjqr-g762-pxwp", "CVE-2021-20206" ], "not_impacted": "All versions starting from 0.8.1", "package_slug": "go/github.com/containernetworking/cni/pkg/invoke", "pubdate": "2022-02-15", "solution": "Upgrade to version 0.8.1 or above.", "title": "Improper Input Validation", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-20206", "https://github.com/containernetworking/cni/pull/808", "https://bugzilla.redhat.com/show_bug.cgi?id=1919391", "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549", "https://github.com/advisories/GHSA-xjqr-g762-pxwp" ], "uuid": "bdeeb390-bab6-4499-9204-8ae1fedf046b", "versions": [ { "commit": { "sha": "9fc34aee0a6396d6484992035819c92c42522eea", "tags": [ "v0.8.1" ], "timestamp": "20210202142012" }, "number": "v0.8.1" } ] } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:linuxfoundation:container_network_interface:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.8.1", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-20206" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the \u0027type\u0027 field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as \u0027reboot\u0027. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-22" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391", "refsource": "MISC", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391" }, { "name": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549", "refsource": "MISC", "tags": [ "Third Party Advisory" ], "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9 } }, "lastModifiedDate": "2022-08-05T17:42Z", "publishedDate": "2021-03-26T22:15Z" } } }
Loading...