Action not permitted
Modal body text goes here.
CVE-2021-26540
Vulnerability from cvelistv5
Published
2021-02-08 16:16
Modified
2024-08-03 20:26
Severity
Summary
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with "/\\example.com".
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://advisory.checkmarx.net/advisory/CX-2021-4309 | Exploit, Patch, Third Party Advisory |
| cve@mitre.org | https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26 | Release Notes, Third Party Advisory |
| cve@mitre.org | https://github.com/apostrophecms/sanitize-html/pull/460 | Patch, Third Party Advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.388Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apostrophecms/sanitize-html/pull/460"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.checkmarx.net/advisory/CX-2021-4309"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the \"allowedIframeHostnames\" option when the \"allowIframeRelativeUrls\" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with \"/\\\\example.com\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-25T22:01:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apostrophecms/sanitize-html/pull/460"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.checkmarx.net/advisory/CX-2021-4309"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-26540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the \"allowedIframeHostnames\" option when the \"allowIframeRelativeUrls\" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with \"/\\\\example.com\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26",
"refsource": "MISC",
"url": "https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26"
},
{
"name": "https://github.com/apostrophecms/sanitize-html/pull/460",
"refsource": "MISC",
"url": "https://github.com/apostrophecms/sanitize-html/pull/460"
},
{
"name": "https://advisory.checkmarx.net/advisory/CX-2021-4309",
"refsource": "MISC",
"url": "https://advisory.checkmarx.net/advisory/CX-2021-4309"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26540",
"datePublished": "2021-02-08T16:16:07",
"dateReserved": "2021-02-01T00:00:00",
"dateUpdated": "2024-08-03T20:26:25.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-26540\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-02-08T17:15:13.737\",\"lastModified\":\"2021-04-01T15:02:12.757\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the \\\"allowedIframeHostnames\\\" option when the \\\"allowIframeRelativeUrls\\\" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with \\\"/\\\\\\\\example.com\\\".\"},{\"lang\":\"es\",\"value\":\"Apostrophe Technologies sanitize-html versiones anteriores a 2.3.2 no comprueba correctamente los nombres de host establecidos por la opci\u00f3n \\\"allowedIframeHostnames\\\" cuando \\\"allowIframeRelativeUrls\\\" se establece en true, lo que permite a atacantes omitir la lista blanca de nombres de host para el elemento iframe, relacionado con un valor src que comienza con \\\"/\\\\\\\\example.com\\\"\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apostrophecms:sanitize-html:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"2.3.2\",\"matchCriteriaId\":\"1366C9FC-2776-4497-90A4-4B117CB54561\"}]}]}],\"references\":[{\"url\":\"https://advisory.checkmarx.net/advisory/CX-2021-4309\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/apostrophecms/sanitize-html/pull/460\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
rhsa-2021_2438
Vulnerability from csaf_redhat
Published
2021-07-27 22:30
Modified
2021-07-27 22:30
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.8.2 bug fix and security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.8.2 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.2. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2021:2437
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html
Security Fix(es):
* SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183)
* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
* nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)
* etcd: Large slice causes panic in decodeRecord method (CVE-2020-15106)
* etcd: DoS in wal/wal.go (CVE-2020-15112)
* etcd: directories created via os.MkdirAll are not checked for permissions (CVE-2020-15113)
* etcd: gateway can include itself as an endpoint resulting in resource exhaustion and leads to DoS (CVE-2020-15114)
* etcd: no authentication is performed against endpoints provided in the --endpoints flag (CVE-2020-15136)
* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)
* nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)
* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)
* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)
* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)
* containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206)
* containers/storage: DoS via malicious image (CVE-2021-20291)
* prometheus: open redirect under the /new endpoint (CVE-2021-29622)
* golang: x/net/html: infinite loop in ParseFragment (CVE-2021-33194)
* go.elastic.co/apm: leaks sensitive HTTP headers during panic (CVE-2021-22133)
Space precludes listing in detail the following additional CVEs fixes: (CVE-2021-27292), (CVE-2021-28092), (CVE-2021-29059), (CVE-2021-23382), (CVE-2021-26539), (CVE-2021-26540), (CVE-2021-23337), (CVE-2021-23362) and (CVE-2021-23368)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.2-x86_64
The image digest is ssha256:0e82d17ababc79b10c10c5186920232810aeccbccf2a74c691487090a2c98ebc
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.2-s390x
The image digest is sha256:a284c5c3fa21b06a6a65d82be1dc7e58f378aa280acd38742fb167a26b91ecb5
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.2-ppc64le
The image digest is sha256:da989b8e28bccadbb535c2b9b7d3597146d14d254895cd35f544774f374cdd0f
All OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available
at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 2023 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.8.2 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.8.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.8.2. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHSA-2021:2437\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nSecurity Fix(es):\n\n* SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)\n\n* etcd: Large slice causes panic in decodeRecord method (CVE-2020-15106)\n\n* etcd: DoS in wal/wal.go (CVE-2020-15112)\n\n* etcd: directories created via os.MkdirAll are not checked for permissions (CVE-2020-15113)\n\n* etcd: gateway can include itself as an endpoint resulting in resource exhaustion and leads to DoS (CVE-2020-15114)\n\n* etcd: no authentication is performed against endpoints provided in the --endpoints flag (CVE-2020-15136)\n\n* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)\n\n* nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)\n\n* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)\n\n* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)\n\n* containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206)\n\n* containers/storage: DoS via malicious image (CVE-2021-20291)\n\n* prometheus: open redirect under the /new endpoint (CVE-2021-29622)\n\n* golang: x/net/html: infinite loop in ParseFragment (CVE-2021-33194)\n\n* go.elastic.co/apm: leaks sensitive HTTP headers during panic (CVE-2021-22133)\n\nSpace precludes listing in detail the following additional CVEs fixes: (CVE-2021-27292), (CVE-2021-28092), (CVE-2021-29059), (CVE-2021-23382), (CVE-2021-26539), (CVE-2021-26540), (CVE-2021-23337), (CVE-2021-23362) and (CVE-2021-23368)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nYou may download the oc tool and use it to inspect release image metadata as follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.2-x86_64\n\nThe image digest is ssha256:0e82d17ababc79b10c10c5186920232810aeccbccf2a74c691487090a2c98ebc\n\n(For s390x architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.2-s390x\n\nThe image digest is sha256:a284c5c3fa21b06a6a65d82be1dc7e58f378aa280acd38742fb167a26b91ecb5\n\n(For ppc64le architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.2-ppc64le\n\nThe image digest is sha256:da989b8e28bccadbb535c2b9b7d3597146d14d254895cd35f544774f374cdd0f\n\nAll OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available\nat https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:2438",
"url": "https://access.redhat.com/errata/RHSA-2021:2438"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_2438.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.8.2 bug fix and security update",
"tracking": {
"current_release_date": "2021-07-27T22:30:00Z",
"generator": {
"date": "2023-07-01T05:02:00Z",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.18.0"
}
},
"id": "RHSA-2021:2438",
"initial_release_date": "2021-07-27T22:30:00Z",
"revision_history": [
{
"date": "2021-07-27T22:30:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.8",
"product": {
"name": "Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.8::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"category": "product_version",
"name": "openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"product": {
"name": "openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"product_id": "openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"product": {
"name": "openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"product_id": "openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"product": {
"name": "openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"product_id": "openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"product": {
"name": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"product_id": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"product": {
"name": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"product_id": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"product": {
"name": "openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"product_id": "openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"product": {
"name": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"product_id": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"product": {
"name": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"product_id": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"product": {
"name": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"product_id": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"product": {
"name": "openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"product_id": "openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"product": {
"name": "openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"product_id": "openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"product": {
"name": "openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"product_id": "openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"product": {
"name": "openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"product_id": "openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"product": {
"name": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"product_id": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"product": {
"name": "openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"product_id": "openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"product": {
"name": "openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"product_id": "openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"product": {
"name": "openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"product_id": "openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"product_id": "openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"product_id": "openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"product_id": "openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"product_id": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"product_id": "openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"product_id": "openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"product_id": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"product_id": "openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"product_id": "openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"product_id": "openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"product_id": "openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"product_id": "openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"product_id": "openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"product_id": "openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"product_id": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"product_id": "openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"product_id": "openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"product_id": "openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"product_id": "openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"product_id": "openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"product_id": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"product_id": "openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"product_id": "openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"product_id": "openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"product_id": "openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"product_id": "openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"product": {
"name": "openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"product_id": "openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"product": {
"name": "openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"product_id": "openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"product": {
"name": "openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"product_id": "openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"product": {
"name": "openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"product_id": "openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"product": {
"name": "openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"product_id": "openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"product": {
"name": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"product_id": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"product": {
"name": "openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"product_id": "openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"product": {
"name": "openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"product_id": "openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"product": {
"name": "openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"product_id": "openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"product": {
"name": "openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"product_id": "openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"product": {
"name": "openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"product_id": "openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"product": {
"name": "openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"product_id": "openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"product": {
"name": "openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"product_id": "openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"product": {
"name": "openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"product_id": "openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"product": {
"name": "openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"product_id": "openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"product": {
"name": "openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"product_id": "openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"product": {
"name": "openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"product_id": "openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"product": {
"name": "openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"product_id": "openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"product": {
"name": "openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"product_id": "openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"product": {
"name": "openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"product_id": "openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"product": {
"name": "openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"product_id": "openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"product": {
"name": "openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"product_id": "openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"product": {
"name": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"product_id": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"product": {
"name": "openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"product_id": "openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"product": {
"name": "openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"product_id": "openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"product": {
"name": "openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"product_id": "openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"product": {
"name": "openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"product_id": "openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"product": {
"name": "openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"product_id": "openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"product": {
"name": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"product_id": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"product": {
"name": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"product_id": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"product": {
"name": "openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"product_id": "openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"product": {
"name": "openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"product_id": "openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"product": {
"name": "openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"product_id": "openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"product": {
"name": "openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"product_id": "openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"product": {
"name": "openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"product_id": "openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"product": {
"name": "openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"product_id": "openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"product": {
"name": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"product_id": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"product": {
"name": "openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"product_id": "openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"product": {
"name": "openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"product_id": "openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"product": {
"name": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"product_id": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"product": {
"name": "openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"product_id": "openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"product": {
"name": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"product_id": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"product": {
"name": "openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"product_id": "openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"product": {
"name": "openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"product_id": "openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"product": {
"name": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"product_id": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"product": {
"name": "openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"product_id": "openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"product": {
"name": "openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"product_id": "openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"product": {
"name": "openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"product_id": "openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"product": {
"name": "openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"product_id": "openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"product": {
"name": "openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"product_id": "openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"product": {
"name": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"product_id": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"product": {
"name": "openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"product_id": "openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"product": {
"name": "openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"product_id": "openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"product": {
"name": "openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"product_id": "openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"product": {
"name": "openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"product_id": "openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"product": {
"name": "openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"product_id": "openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"product": {
"name": "openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"product_id": "openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"product": {
"name": "openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"product_id": "openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"product": {
"name": "openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"product_id": "openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"product": {
"name": "openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"product_id": "openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"product": {
"name": "openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"product_id": "openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"product": {
"name": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"product_id": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"product": {
"name": "openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"product_id": "openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"product": {
"name": "openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"product_id": "openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"product": {
"name": "openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"product_id": "openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"product": {
"name": "openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"product_id": "openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"product": {
"name": "openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"product_id": "openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"product": {
"name": "openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"product_id": "openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"product": {
"name": "openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"product_id": "openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"product": {
"name": "openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"product_id": "openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"product": {
"name": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"product_id": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"product": {
"name": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"product_id": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"product": {
"name": "openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"product_id": "openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"product": {
"name": "openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"product_id": "openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"product": {
"name": "openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"product_id": "openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"product": {
"name": "openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"product_id": "openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"product": {
"name": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"product_id": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"product": {
"name": "openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"product_id": "openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"product": {
"name": "openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"product_id": "openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"product": {
"name": "openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"product_id": "openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"product": {
"name": "openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"product_id": "openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"product": {
"name": "openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"product_id": "openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"product": {
"name": "openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"product_id": "openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"product": {
"name": "openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"product_id": "openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"product": {
"name": "openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"product_id": "openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"product": {
"name": "openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"product_id": "openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"product": {
"name": "openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"product_id": "openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"product": {
"name": "openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"product_id": "openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"product": {
"name": "openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"product_id": "openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"product": {
"name": "openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"product_id": "openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"product": {
"name": "openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"product_id": "openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"product": {
"name": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"product_id": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"product": {
"name": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"product_id": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"product": {
"name": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"product_id": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"product": {
"name": "openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"product_id": "openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"product": {
"name": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"product_id": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"product": {
"name": "openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"product_id": "openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"product": {
"name": "openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"product_id": "openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream",
"product": {
"name": "openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream",
"product_id": "openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
}
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream"
},
"product_reference": "openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream"
},
"product_reference": "openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream"
},
"product_reference": "openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream"
},
"product_reference": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream"
},
"product_reference": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream"
},
"product_reference": "openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream"
},
"product_reference": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream"
},
"product_reference": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream"
},
"product_reference": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream"
},
"product_reference": "openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream"
},
"product_reference": "openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream"
},
"product_reference": "openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream"
},
"product_reference": "openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream"
},
"product_reference": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream"
},
"product_reference": "openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream"
},
"product_reference": "openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream"
},
"product_reference": "openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream"
},
"product_reference": "openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream"
},
"product_reference": "openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream"
},
"product_reference": "openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream"
},
"product_reference": "openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream"
},
"product_reference": "openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream"
},
"product_reference": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream"
},
"product_reference": "openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream"
},
"product_reference": "openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream"
},
"product_reference": "openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream"
},
"product_reference": "openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream"
},
"product_reference": "openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream"
},
"product_reference": "openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream"
},
"product_reference": "openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream"
},
"product_reference": "openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream"
},
"product_reference": "openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream"
},
"product_reference": "openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream"
},
"product_reference": "openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream"
},
"product_reference": "openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream"
},
"product_reference": "openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream"
},
"product_reference": "openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream"
},
"product_reference": "openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream"
},
"product_reference": "openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream"
},
"product_reference": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream"
},
"product_reference": "openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream"
},
"product_reference": "openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream"
},
"product_reference": "openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream"
},
"product_reference": "openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream"
},
"product_reference": "openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream"
},
"product_reference": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream"
},
"product_reference": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream"
},
"product_reference": "openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream"
},
"product_reference": "openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream"
},
"product_reference": "openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream"
},
"product_reference": "openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream"
},
"product_reference": "openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream"
},
"product_reference": "openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream"
},
"product_reference": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream"
},
"product_reference": "openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream"
},
"product_reference": "openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream"
},
"product_reference": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream"
},
"product_reference": "openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream"
},
"product_reference": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream"
},
"product_reference": "openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream"
},
"product_reference": "openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream"
},
"product_reference": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream"
},
"product_reference": "openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream"
},
"product_reference": "openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream"
},
"product_reference": "openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream"
},
"product_reference": "openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream"
},
"product_reference": "openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream"
},
"product_reference": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream"
},
"product_reference": "openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream"
},
"product_reference": "openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream"
},
"product_reference": "openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream"
},
"product_reference": "openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream"
},
"product_reference": "openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream"
},
"product_reference": "openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream"
},
"product_reference": "openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream"
},
"product_reference": "openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream"
},
"product_reference": "openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream"
},
"product_reference": "openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream"
},
"product_reference": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream"
},
"product_reference": "openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream"
},
"product_reference": "openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream"
},
"product_reference": "openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream"
},
"product_reference": "openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream"
},
"product_reference": "openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream"
},
"product_reference": "openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream"
},
"product_reference": "openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream"
},
"product_reference": "openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream"
},
"product_reference": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream"
},
"product_reference": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream"
},
"product_reference": "openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream"
},
"product_reference": "openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream"
},
"product_reference": "openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream"
},
"product_reference": "openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream"
},
"product_reference": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream"
},
"product_reference": "openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream"
},
"product_reference": "openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream"
},
"product_reference": "openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream"
},
"product_reference": "openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream"
},
"product_reference": "openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream"
},
"product_reference": "openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream"
},
"product_reference": "openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream"
},
"product_reference": "openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream"
},
"product_reference": "openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream"
},
"product_reference": "openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream"
},
"product_reference": "openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream"
},
"product_reference": "openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream"
},
"product_reference": "openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream"
},
"product_reference": "openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream"
},
"product_reference": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream"
},
"product_reference": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream"
},
"product_reference": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream"
},
"product_reference": "openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream"
},
"product_reference": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream"
},
"product_reference": "openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream"
},
"product_reference": "openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
},
"product_reference": "openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.8"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"OpenVPN"
]
},
{
"names": [
"Karthikeyan Bhargavan",
"Ga\u00ebtan Leurent"
],
"organization": "Inria",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-2183",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"discovery_date": "2016-08-18T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/2548661",
"url": "https://access.redhat.com/articles/2548661"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2016:1940",
"url": "https://access.redhat.com/errata/RHSA-2016:1940"
},
{
"category": "external",
"summary": "https://sweet32.info/",
"url": "https://sweet32.info/"
},
{
"category": "external",
"summary": "CVE-2016-2183",
"url": "https://access.redhat.com/security/cve/CVE-2016-2183"
},
{
"category": "external",
"summary": "bz#1369383: CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
}
],
"release_date": "2016-08-24T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:2438"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0.0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-08-18T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)"
},
{
"cve": "CVE-2020-7774",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2020-11-17T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1898680"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in nodejs-y18n. There is a prototype pollution vulnerability in y18n\u0027s locale functionality. If an attacker is able to provide untrusted input via locale, they may be able to cause denial of service or in rare circumstances, impact to data integrity or confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-y18n: prototype pollution vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-7774",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7774"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7774",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7774"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-Y18N-1021887",
"url": "https://snyk.io/vuln/SNYK-JS-Y18N-1021887"
},
{
"category": "external",
"summary": "CVE-2020-7774",
"url": "https://access.redhat.com/security/cve/CVE-2020-7774"
},
{
"category": "external",
"summary": "bz#1898680: CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898680"
}
],
"release_date": "2020-10-25T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:2438"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-17T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability"
},
{
"cve": "CVE-2020-15106",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-08-06T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1868883"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found In etcd, where a large slice causes panic in the decodeRecord method. The size of a record is stored in the length field of a WAL file, and no additional validation is performed on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "etcd: Large slice causes panic in decodeRecord method",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-15106",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15106"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15106",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15106"
},
{
"category": "external",
"summary": "https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2",
"url": "https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2"
},
{
"category": "external",
"summary": "CVE-2020-15106",
"url": "https://access.redhat.com/security/cve/CVE-2020-15106"
},
{
"category": "external",
"summary": "bz#1868883: CVE-2020-15106 etcd: Large slice causes panic in decodeRecord method",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868883"
}
],
"release_date": "2020-08-05T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:2438"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-08-06T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2020-15106 etcd: Large slice causes panic in decodeRecord method"
},
{
"cve": "CVE-2020-15112",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-08-05T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1868872"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in etcd, where it is possible to have an entry index greater than the number of entries in the ReadAll method in wal/wal.go. This can cause issues when WAL entries are being read during consensus, as an arbitrary etcd consensus participant can go down from a runtime panic when reading the entry. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "etcd: DoS in wal/wal.go",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-15112",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15112"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15112",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15112"
},
{
"category": "external",
"summary": "https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93",
"url": "https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93"
},
{
"category": "external",
"summary": "CVE-2020-15112",
"url": "https://access.redhat.com/security/cve/CVE-2020-15112"
},
{
"category": "external",
"summary": "bz#1868872: CVE-2020-15112 etcd: DoS in wal/wal.go",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868872"
}
],
"release_date": "2020-08-06T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:2438"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-08-05T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2020-15112 etcd: DoS in wal/wal.go"
},
{
"cve": "CVE-2020-15113",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2020-08-06T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1868870"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in etcd. Certain directory paths are created with restricted access permissions (700) by using the os.MkdirAll. This function does not perform any permission checks when a given directory path exists already.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "etcd: directories created via os.MkdirAll are not checked for permissions",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-15113",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15113"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15113",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15113"
},
{
"category": "external",
"summary": "https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92",
"url": "https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92"
},
{
"category": "external",
"summary": "CVE-2020-15113",
"url": "https://access.redhat.com/security/cve/CVE-2020-15113"
},
{
"category": "external",
"summary": "bz#1868870: CVE-2020-15113 etcd: directories created via os.MkdirAll are not checked for permissions",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868870"
}
],
"release_date": "2020-08-05T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:2438"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-08-06T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2020-15113 etcd: directories created via os.MkdirAll are not checked for permissions"
},
{
"cve": "CVE-2020-15114",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-08-06T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1868874"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in etcd, where the etcd gateway is a simple TCP proxy that allows basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This issue results in a denial of service since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "etcd: gateway can include itself as an endpoint resulting in resource exhaustion and leads to DoS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-15114",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15114"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15114",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15114"
},
{
"category": "external",
"summary": "https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224",
"url": "https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224"
},
{
"category": "external",
"summary": "CVE-2020-15114",
"url": "https://access.redhat.com/security/cve/CVE-2020-15114"
},
{
"category": "external",
"summary": "bz#1868874: CVE-2020-15114 etcd: gateway can include itself as an endpoint resulting in resource exhaustion and leads to DoS",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868874"
}
],
"release_date": "2020-08-05T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:2438"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-08-06T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2020-15114 etcd: gateway can include itself as an endpoint resulting in resource exhaustion and leads to DoS"
},
{
"cve": "CVE-2020-15136",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2020-08-06T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1868880"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in etcd. The gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the --endpoints flag.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "etcd: no authentication is performed against endpoints provided in the --endpoints flag",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-15136",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15136"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15136",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15136"
},
{
"category": "external",
"summary": "https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q",
"url": "https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q"
},
{
"category": "external",
"summary": "CVE-2020-15136",
"url": "https://access.redhat.com/security/cve/CVE-2020-15136"
},
{
"category": "external",
"summary": "bz#1868880: CVE-2020-15136 etcd: no authentication is performed against endpoints provided in the --endpoints flag",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868880"
}
],
"release_date": "2020-08-05T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:2438"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-08-06T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2020-15136 etcd: no authentication is performed against endpoints provided in the --endpoints flag"
},
{
"cve": "CVE-2020-26160",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2020-09-23T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1883371"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A vulnerability was found in jwt-go where it is vulnerable to Access Restriction Bypass if m[\"aud\"] happens to be []string{}, as allowed by the spec, the type assertion fails and the value of aud is \"\". This can cause audience verification to succeed even if the audiences being passed are incorrect if required is set to false.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jwt-go: access restriction bypass vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26160",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26160"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515",
"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515"
},
{
"category": "external",
"summary": "CVE-2020-26160",
"url": "https://access.redhat.com/security/cve/CVE-2020-26160"
},
{
"category": "external",
"summary": "bz#1883371: CVE-2020-26160 jwt-go: access restriction bypass vulnerability",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883371"
}
],
"release_date": "2020-09-15T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:2438"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-23T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2020-26160 jwt-go: access restriction bypass vulnerability"
},
{
"cve": "CVE-2020-28469",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-04-01T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1945459"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in nodejs-glob-parent. The enclosure regex used to check for glob enclosures containing backslashes is vulnerable to Regular Expression Denial of Service attacks. This flaw allows an attacker to cause a denial of service if they can supply a malicious string to the glob-parent function. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-glob-parent: Regular expression denial of service",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28469",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28469"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905",
"url": "https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905"
},
{
"category": "external",
"summary": "CVE-2020-28469",
"url": "https://access.redhat.com/security/cve/CVE-2020-28469"
},
{
"category": "external",
"summary": "bz#1945459: CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945459"
}
],
"release_date": "2021-01-12T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:2438"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-01T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service"
},
{
"cve": "CVE-2020-28500",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-02-15T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1928954"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in nodejs-lodash. A Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions is possible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28500",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28500"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28500",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28500"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-LODASH-1018905",
"url": "https://snyk.io/vuln/SNYK-JS-LODASH-1018905"
},
{
"category": "external",
"summary": "CVE-2020-28500",
"url": "https://access.redhat.com/security/cve/CVE-2020-28500"
},
{
"category": "external",
"summary": "bz#1928954: CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928954"
}
],
"release_date": "2021-02-15T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:2438"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-02-15T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions"
},
{
"cve": "CVE-2020-28852",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"discovery_date": "2021-01-02T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1913338"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in golang.org. In x/text, a \"slice bounds out of range\" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28852",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28852"
},
{
"category": "external",
"summary": "CVE-2020-28852",
"url": "https://access.redhat.com/security/cve/CVE-2020-28852"
},
{
"category": "external",
"summary": "bz#1913338: CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913338"
}
],
"release_date": "2021-01-02T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:2438"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-02T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag"
},
{
"cve": "CVE-2021-3114",
"cwe": {
"id": "CWE-682",
"name": "Incorrect Calculation"
},
"discovery_date": "2021-01-21T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1918750"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: incorrect operations on the P-224 curve",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3114",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3114"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3114",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3114"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/mperVMGa98w",
"url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w"
},
{
"category": "external",
"summary": "CVE-2021-3114",
"url": "https://access.redhat.com/security/cve/CVE-2021-3114"
},
{
"category": "external",
"summary": "bz#1918750: CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918750"
}
],
"release_date": "2021-01-20T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:2438"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-21T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve"
},
{
"cve": "CVE-2021-3121",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"discovery_date": "2021-01-28T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this vulnerability is to availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3121",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121"
},
{
"category": "external",
"summary": "CVE-2021-3121",
"url": "https://access.redhat.com/security/cve/CVE-2021-3121"
},
{
"category": "external",
"summary": "bz#1921650: CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650"
}
],
"release_date": "2021-01-11T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:2438"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-28T00:00:00Z",
"details": "Important"
}
],
"title": "CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation"
},
{
"acknowledgments": [
{
"names": [
"Casey Callendrello"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2021-20206",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2021-01-22T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "An improper limitation of path name flaw was found in containernetworking/cni. When specifying the plugin to load in the `type` field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as `reboot`. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "containernetworking-cni: Arbitrary path injection via type field in CNI configuration",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-20206",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20206"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20206",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20206"
},
{
"category": "external",
"summary": "CVE-2021-20206",
"url": "https://access.redhat.com/security/cve/CVE-2021-20206"
},
{
"category": "external",
"summary": "bz#1919391: CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391"
}
],
"release_date": "2021-02-05T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:2438"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-22T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration"
},
{
"acknowledgments": [
{
"names": [
"Aviv Sasson"
],
"organization": "Palo Alto Networks"
}
],
"cve": "CVE-2021-20291",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"discovery_date": "2021-03-12T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1939485"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A deadlock vulnerability was found in `github.com/containers/storage`. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "containers/storage: DoS via malicious image",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-20291",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20291"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20291",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20291"
},
{
"category": "external",
"summary": "https://unit42.paloaltonetworks.com/cve-2021-20291/",
"url": "https://unit42.paloaltonetworks.com/cve-2021-20291/"
},
{
"category": "external",
"summary": "CVE-2021-20291",
"url": "https://access.redhat.com/security/cve/CVE-2021-20291"
},
{
"category": "external",
"summary": "bz#1939485: CVE-2021-20291 containers/storage: DoS via malicious image",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939485"
}
],
"release_date": "2021-04-01T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:2438"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-12T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2021-20291 containers/storage: DoS via malicious image"
},
{
"cve": "CVE-2021-22133",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2021-03-24T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1942553"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in the Elastic APM agent for Go in several versions, where it can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application panic, it is possible the headers will not be sanitized before being sent. The highest threat from this vulnerability is to confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go.elastic.co/apm: leaks sensitive HTTP headers during panic",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-22133",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22133"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-22133",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22133"
},
{
"category": "external",
"summary": "https://discuss.elastic.co/t/elastic-apm-agent-for-go-1-11-0-security-update/263252",
"url": "https://discuss.elastic.co/t/elastic-apm-agent-for-go-1-11-0-security-update/263252"
},
{
"category": "external",
"summary": "CVE-2021-22133",
"url": "https://access.redhat.com/security/cve/CVE-2021-22133"
},
{
"category": "external",
"summary": "bz#1942553: CVE-2021-22133 go.elastic.co/apm: leaks sensitive HTTP headers during panic",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942553"
}
],
"release_date": "2021-02-04T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:2438"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-24T00:00:00Z",
"details": "Low"
}
],
"title": "CVE-2021-22133 go.elastic.co/apm: leaks sensitive HTTP headers during panic"
},
{
"cve": "CVE-2021-23337",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2021-02-15T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1928937"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in nodejs-lodash. A command injection flaw is possible through template variables.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-lodash: command injection via template",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23337"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-LODASH-1040724",
"url": "https://snyk.io/vuln/SNYK-JS-LODASH-1040724"
},
{
"category": "external",
"summary": "CVE-2021-23337",
"url": "https://access.redhat.com/security/cve/CVE-2021-23337"
},
{
"category": "external",
"summary": "bz#1928937: CVE-2021-23337 nodejs-lodash: command injection via template",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928937"
}
],
"release_date": "2021-02-15T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:2438"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-02-15T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2021-23337 nodejs-lodash: command injection via template"
},
{
"cve": "CVE-2021-23362",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-03-25T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1943208"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A regular expression denial of service vulnerability was found in hosted-git-info. If an application allows user input into the affected regular expression (regexp) function, `shortcutMatch` or `fromUrl`, then an attacker could craft a regexp which takes an ever increasing amount of time to process, potentially resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23362",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23362"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23362",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23362"
},
{
"category": "external",
"summary": "CVE-2021-23362",
"url": "https://access.redhat.com/security/cve/CVE-2021-23362"
},
{
"category": "external",
"summary": "bz#1943208: CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943208"
}
],
"release_date": "2021-03-23T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:2438"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-25T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()"
},
{
"cve": "CVE-2021-23368",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-04-12T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1948763"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A regular expression denial of service (ReDoS) vulnerability was found in the npm library `postcss`. When parsing a supplied CSS string, if it contains an unexpected value then as the supplied CSS grows in length it will take an ever increasing amount of time to process. An attacker can use this vulnerability to potentially craft a malicious a long CSS value to process resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-postcss: Regular expression denial of service during source map parsing",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23368",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23368"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23368",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23368"
},
{
"category": "external",
"summary": "CVE-2021-23368",
"url": "https://access.redhat.com/security/cve/CVE-2021-23368"
},
{
"category": "external",
"summary": "bz#1948763: CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948763"
}
],
"release_date": "2021-04-12T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:2438"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-12T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing"
},
{
"cve": "CVE-2021-23382",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-04-26T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1954150"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A regular expression denial of service (ReDoS) vulnerability was found in the npm library `postcss` when using getAnnotationURL() or loadAnnotation() options in lib/previous-map.js. An attacker can use this vulnerability to potentially craft a malicious CSS to process resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23382",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23382"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23382",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23382"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640",
"url": "https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640"
},
{
"category": "external",
"summary": "CVE-2021-23382",
"url": "https://access.redhat.com/security/cve/CVE-2021-23382"
},
{
"category": "external",
"summary": "bz#1954150: CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954150"
}
],
"release_date": "2021-04-26T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:2438"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-26T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js"
},
{
"cve": "CVE-2021-26539",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-02-08T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1932362"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the \"allowedIframeHostnames\" option.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sanitize-html: improper handling of internationalized domain name (IDN) can lead to bypass hostname whitelist validation",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-26539",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26539"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-26539",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26539"
},
{
"category": "external",
"summary": "CVE-2021-26539",
"url": "https://access.redhat.com/security/cve/CVE-2021-26539"
},
{
"category": "external",
"summary": "bz#1932362: CVE-2021-26539 sanitize-html: improper handling of internationalized domain name (IDN) can lead to bypass hostname whitelist validation",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932362"
}
],
"release_date": "2021-01-22T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:2438"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-02-08T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2021-26539 sanitize-html: improper handling of internationalized domain name (IDN) can lead to bypass hostname whitelist validation"
},
{
"cve": "CVE-2021-26540",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-02-08T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1932323"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the \"allowedIframeHostnames\" option when the \"allowIframeRelativeUrls\" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with \"/\\\\example.com\".",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sanitize-html: improper validation of hostnames set by the \"allowedIframeHostnames\" option can lead to bypass hostname whitelist for iframe element",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-26540",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26540"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-26540",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26540"
},
{
"category": "external",
"summary": "CVE-2021-26540",
"url": "https://access.redhat.com/security/cve/CVE-2021-26540"
},
{
"category": "external",
"summary": "bz#1932323: CVE-2021-26540 sanitize-html: improper validation of hostnames set by the \"allowedIframeHostnames\" option can lead to bypass hostname whitelist for iframe element",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932323"
}
],
"release_date": "2021-01-26T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:2438"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-02-08T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2021-26540 sanitize-html: improper validation of hostnames set by the \"allowedIframeHostnames\" option can lead to bypass hostname whitelist for iframe element"
},
{
"cve": "CVE-2021-27292",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-03-17T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1940613"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A regular expression denial of service (ReDoS) vulnerability was found in the npm library `ua-parser-js`. If a supplied user agent matches the `Noble` string and contains many spaces then the regex will conduct backtracking, taking an ever increasing amount of time depending on the number of spaces supplied. An attacker can use this vulnerability to potentially craft a malicious user agent resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-ua-parser-js: ReDoS via malicious User-Agent header",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-27292",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27292"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27292",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27292"
},
{
"category": "external",
"summary": "https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76",
"url": "https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76"
},
{
"category": "external",
"summary": "CVE-2021-27292",
"url": "https://access.redhat.com/security/cve/CVE-2021-27292"
},
{
"category": "external",
"summary": "bz#1940613: CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940613"
}
],
"release_date": "2021-02-11T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:2438"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-17T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header"
},
{
"cve": "CVE-2021-28092",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-03-12T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1939103"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in is-svg package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service (ReDoS).\r\nThe highest threat from this vulnerability is to availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-is-svg: ReDoS via malicious string",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-28092",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28092"
},
{
"category": "external",
"summary": "CVE-2021-28092",
"url": "https://access.redhat.com/security/cve/CVE-2021-28092"
},
{
"category": "external",
"summary": "bz#1939103: CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939103"
}
],
"release_date": "2021-03-11T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:2438"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-12T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string"
},
{
"cve": "CVE-2021-29059",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-06-22T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1974839"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in IS-SVG where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-is-svg: Regular expression denial of service if the application is provided and checks a crafted invalid SVG string",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-29059",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29059"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29059",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29059"
},
{
"category": "external",
"summary": "CVE-2021-29059",
"url": "https://access.redhat.com/security/cve/CVE-2021-29059"
},
{
"category": "external",
"summary": "bz#1974839: CVE-2021-29059 nodejs-is-svg: Regular expression denial of service if the application is provided and checks a crafted invalid SVG string",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974839"
}
],
"release_date": "2021-06-21T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:2438"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-22T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2021-29059 nodejs-is-svg: Regular expression denial of service if the application is provided and checks a crafted invalid SVG string"
},
{
"cve": "CVE-2021-29622",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2021-05-19T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1962718"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "An open redirect vulnerability was found in Prometheus. By specially crafted URL and a /new endpoint, an attacker can redirect user to any other URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "prometheus: open redirect under the /new endpoint",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-29622",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29622"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29622",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29622"
},
{
"category": "external",
"summary": "CVE-2021-29622",
"url": "https://access.redhat.com/security/cve/CVE-2021-29622"
},
{
"category": "external",
"summary": "bz#1962718: CVE-2021-29622 prometheus: open redirect under the /new endpoint",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962718"
}
],
"release_date": "2021-05-18T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:2438"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-05-19T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2021-29622 prometheus: open redirect under the /new endpoint"
},
{
"cve": "CVE-2021-33194",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2021-05-20T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1963232"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in golang. An attacker can craft an input to ParseFragment within parse.go that would cause it to enter an infinite loop and never return. The greatest threat to the system is of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: x/net/html: infinite loop in ParseFragment",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.8:openshift4/driver-toolkit-rhel8:v4.8.0-202107210116.p0.git.37de0e6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/egress-router-cni-rhel8:v4.8.0-202106291913.p0.git.016bea1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/network-tools-rhel8:v4.8.0-202106291913.p0.git.5ac3739.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d1fe616.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.8.0-202106291913.p0.git.8c036e4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-machine-controllers:v4.8.0-202107131617.p0.git.4c66f3d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.8.0-202107081650.p0.git.2b8eee2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.d3a3c29.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-disk-csi-driver-rhel8:v4.8.0-202106291913.p0.git.2d461b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-azure-machine-controllers:v4.8.0-202106291913.p0.git.8301076.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-installer-rhel8:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-machine-controllers:v4.8.0-202106291913.p0.git.a60d493.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-rhel8-operator:v4.8.0-202106291913.p0.git.015024f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-baremetal-runtimecfg-rhel8:v4.8.0-202106291913.p0.git.c8b1456.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli-artifacts:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cli:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cloud-credential-operator:v4.8.0-202106291913.p0.git.b8932e9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-authentication-operator:v4.8.0-202106302318.p0.git.0ec8dd7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler-operator:v4.8.0-202106291913.p0.git.fdae5ba.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-autoscaler:v4.8.0-202107152024.p0.git.7bbde4c.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202106291913.p0.git.04a2ae2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-bootstrap:v4.8.0-202106291913.p0.git.1af395b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-config-operator:v4.8.0-202106291913.p0.git.c102241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.8.0-202106291913.p0.git.07b3f81.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-dns-operator:v4.8.0-202107010313.p0.git.fdb2ebe.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-etcd-rhel8-operator:v4.8.0-202106291913.p0.git.300bdf3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-image-registry-operator:v4.8.0-202106291913.p0.git.f09049a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-ingress-operator:v4.8.0-202106291913.p0.git.e9e6295.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-apiserver-operator:v4.8.0-202106291913.p0.git.d928754.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-controller-manager-operator:v4.8.0-202107141920.p0.git.9dc35db.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-scheduler-operator:v4.8.0-202106291913.p0.git.170a5a6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.8.0-202106291913.p0.git.c4f4f8b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-machine-approver:v4.8.0-202106291913.p0.git.724abd2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-monitoring-operator:v4.8.0-202107151437.p0.git.5cfe241.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-network-operator:v4.8.0-202106291913.p0.git.a5ebd1e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-apiserver-operator:v4.8.0-202106291913.p0.git.683d004.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-openshift-controller-manager-operator:v4.8.0-202106291913.p0.git.286c157.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-policy-controller-rhel8:v4.8.0-202106291913.p0.git.ec46ea5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-samples-operator:v4.8.0-202107152024.p0.git.31fb491.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-storage-operator:v4.8.0-202106291913.p0.git.0775fb6.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-update-keys:v4.8.0-202106152230.p0.git.87835b7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-cluster-version-operator:v4.8.0-202106291913.p0.git.ea6e779.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-configmap-reloader:v4.8.0-202106291913.p0.git.abc5c26.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console-operator:v4.8.0-202106291913.p0.git.b5cf3e0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-container-networking-plugins-rhel8:v4.8.0-202106291913.p0.git.a8801b0.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-coredns:v4.8.0-202106291913.p0.git.642b46e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8-operator:v4.8.0-202106291913.p0.git.7e86252.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-manila-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-driver-nfs-rhel8:v4.8.0-202106291913.p0.git.9404d34.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher-rhel8:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-attacher:v4.8.0-202106291913.p0.git.596da63.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner-rhel8:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-provisioner:v4.8.0-202106291913.p0.git.3ea7e68.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer-rhel8:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-resizer:v4.8.0-202106291913.p0.git.b5dd2b3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-external-snapshotter:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe-rhel8:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-livenessprobe:v4.8.0-202106291913.p0.git.a29b115.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar-rhel8:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-node-driver-registrar:v4.8.0-202106291913.p0.git.0519730.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-controller:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.8.0-202106291913.p0.git.1e2cca9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-deployer:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-builder:v4.8.0-202107152024.p0.git.70b7b95.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-docker-registry:v4.8.0-202106291913.p0.git.a87e6c5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.34db56e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.35ebe86.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.8.0-202106291913.p0.git.0b61889.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-grafana:v4.8.0-202106291913.p0.git.b987e4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-haproxy-router:v4.8.0-202106291913.p0.git.207d546.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-hyperkube:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-insights-rhel8-operator:v4.8.0-202106291913.p0.git.2040a71.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer-artifacts:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-installer:v4.8.0-202106291913.p0.git.a5ddd2d.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.8.0-202107191801.p0.git.61c4cc7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-inspector-rhel8:v4.8.0-202107191302.p0.git.9aafd07.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-ipa-downloader-rhel8:v4.8.0-202107152024.p0.git.ba87832.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.8.0-202107152024.p0.git.71967e7.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-rhel8:v4.8.0-202107191302.p0.git.227b76b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ironic-static-ip-manager-rhel8:v4.8.0-202107152024.p0.git.d2e40e3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-base:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-maven:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-jenkins:v4.8.0-202106291913.p0.git.6c68667.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-k8s-prometheus-adapter:v4.8.0-202106291913.p0.git.2856bc2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-keepalived-ipfailover:v4.8.0-202106152230.p0.git.ad38e11.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-proxy:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-state-metrics:v4.8.0-202106291913.p0.git.9471662.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kube-storage-version-migrator-rhel8:v4.8.0-202106291913.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-cni-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-kuryr-controller-rhel8:v4.8.0-202107191610.p0.git.8a4c2d8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-libvirt-machine-controllers:v4.8.0-202106291913.p0.git.1a48d4b.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-api-operator:v4.8.0-202107091016.p0.git.1155220.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-machine-config-operator:v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-mdns-publisher-rhel8:v4.8.0-202106291913.p0.git.2c42cc4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-admission-controller:v4.8.0-202106291913.p0.git.a7312f5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-cni:v4.8.0-202106291913.p0.git.0c97234.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-networkpolicy-rhel8:v4.8.0-202106291913.p0.git.187ad91.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-route-override-cni-rhel8:v4.8.0-202107152024.p0.git.1662c3e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.8.0-202107152024.p0.git.9a05258.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-must-gather:v4.8.0-202106291913.p0.git.cc7e2a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-network-metrics-daemon-rhel8:v4.8.0-202106291913.p0.git.f02c63a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-apiserver-rhel8:v4.8.0-202106291913.p0.git.09435a5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-proxy:v4.8.0-202107152024.p0.git.3fc0d89.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-oauth-server-rhel8:v4.8.0-202106291913.p0.git.374e2ee.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-apiserver-rhel8:v4.8.0-202106291913.p0.git.3949869.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-controller-manager-rhel8:v4.8.0-202106291913.p0.git.2e25328.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openshift-state-metrics-rhel8:v4.8.0-202106291913.p0.git.1014291.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.1184ace.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.8.0-202106291913.p0.git.3579ead.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-openstack-machine-controllers:v4.8.0-202106291913.p0.git.3024c78.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-lifecycle-manager:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-marketplace:v4.8.0-202106291913.p0.git.e39ff59.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-operator-registry:v4.8.0-202107160028.p0.git.2b803dd.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovirt-machine-controllers-rhel8:v4.8.0-202106291913.p0.git.86c1675.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-ovn-kubernetes:v4.8.0-202106291913.p0.git.dbc67b5.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-pod:v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prom-label-proxy:v4.8.0-202106291913.p0.git.2faeb40.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-alertmanager:v4.8.0-202106291913.p0.git.7b5ac87.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-config-reloader:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-node-exporter:v4.8.0-202106291913.p0.git.c926449.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus-operator:v4.8.0-202106291913.p0.git.9d679a1.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-prometheus:v4.8.0-202106291913.p0.git.f3beb88.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-sdn-rhel8:v4.8.0-202106291913.p0.git.00d84a9.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-service-ca-operator:v4.8.0-202107131132.p0.git.bcc6df4.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-telemeter:v4.8.0-202106291913.p0.git.d6ceb8a.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tests:v4.8.0-202107131424.p0.git.0d958c3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-tools-rhel8:v4.8.0-202106291725.p0.git.1077b05.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.8.0-202106291913.p0.git.edbdd69.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.8.0-202106291913.p0.git.dd5345e.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ose-vsphere-problem-detector-rhel8:v4.8.0-202106291913.p0.git.bf6f4fa.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel7:v4.8.0-202106291913.p0.git.b1d4ec3.assembly.stream",
"8Base-RHOSE-4.8:openshift4/ovirt-csi-driver-rhel8-operator:v4.8.0-202106291913.p0.git.7b6cd3d.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33194"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33194",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33194"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ"
},
{
"category": "external",
"summary": "CVE-2021-33194",
"url": "https://access.redhat.com/security/cve/CVE-2021-33194"
},
{
"category": "external",
"summary": "bz#1963232: CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1963232"
}
],
"release_date": "2021-05-20T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:2438"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:openshift4/ose-cluster-node-tuning-operator:v4.8.0-202107091725.p0.git.6be3f67.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-05-20T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment"
}
]
}
rhsa-2021_3759
Vulnerability from csaf_redhat
Published
2021-10-18 17:26
Modified
2021-10-18 17:26
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.9.0 bug fix and security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.9.0 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.0. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2021:3758
Security Fix(es):
* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
* sanitize-html: improper handling of internationalized domain name (IDN) can lead to bypass hostname whitelist validation (CVE-2021-26539)
* sanitize-html: improper validation of hostnames set by the "allowedIframeHostnames" option can lead to bypass hostname whitelist for iframe element (CVE-2021-26540)
* nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)
* nodejs-is-svg: Regular expression denial of service if the application is provided and checks a crafted invalid SVG string (CVE-2021-29059)
* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
* helm: information disclosure vulnerability (CVE-2021-32690)
* golang: x/net/html: infinite loop in ParseFragment (CVE-2021-33194)
* golang: net: lookup functions may return invalid host names (CVE-2021-33195)
* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.0-x86_64
The image digest is sha256:d262a12de33125907e0b75a5ea34301dd27c4a6bde8295f6b922411f07623e61
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.0-s390x
The image digest is sha256:d262a12de33125907e0b75a5ea34301dd27c4a6bde8295f6b922411f07623e61
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.0-ppc64le
The image digest is sha256:d262a12de33125907e0b75a5ea34301dd27c4a6bde8295f6b922411f07623e61
All OpenShift Container Platform 4.9 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available
at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 2023 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.9.0 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.9.0. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHSA-2021:3758\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* sanitize-html: improper handling of internationalized domain name (IDN) can lead to bypass hostname whitelist validation (CVE-2021-26539)\n\n* sanitize-html: improper validation of hostnames set by the \"allowedIframeHostnames\" option can lead to bypass hostname whitelist for iframe element (CVE-2021-26540)\n\n* nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)\n\n* nodejs-is-svg: Regular expression denial of service if the application is provided and checks a crafted invalid SVG string (CVE-2021-29059)\n\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n\n* helm: information disclosure vulnerability (CVE-2021-32690)\n\n* golang: x/net/html: infinite loop in ParseFragment (CVE-2021-33194)\n\n* golang: net: lookup functions may return invalid host names (CVE-2021-33195)\n\n* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)\n\n* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nThis update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.\n\nYou may download the oc tool and use it to inspect release image metadata as follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.0-x86_64\n\nThe image digest is sha256:d262a12de33125907e0b75a5ea34301dd27c4a6bde8295f6b922411f07623e61\n\n(For s390x architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.0-s390x\n\nThe image digest is sha256:d262a12de33125907e0b75a5ea34301dd27c4a6bde8295f6b922411f07623e61\n\n(For ppc64le architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.0-ppc64le\n\nThe image digest is sha256:d262a12de33125907e0b75a5ea34301dd27c4a6bde8295f6b922411f07623e61\n\nAll OpenShift Container Platform 4.9 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available\nat https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:3759",
"url": "https://access.redhat.com/errata/RHSA-2021:3759"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_3759.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.9.0 bug fix and security update",
"tracking": {
"current_release_date": "2021-10-18T17:26:00Z",
"generator": {
"date": "2023-07-01T05:08:00Z",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.18.0"
}
},
"id": "RHSA-2021:3759",
"initial_release_date": "2021-10-18T17:26:00Z",
"revision_history": [
{
"date": "2021-10-18T17:26:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.9",
"product": {
"name": "Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.9::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"category": "product_version",
"name": "openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream",
"product": {
"name": "openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream",
"product_id": "openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"product": {
"name": "openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"product_id": "openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"product": {
"name": "openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"product_id": "openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream",
"product": {
"name": "openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream",
"product_id": "openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream",
"product": {
"name": "openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream",
"product_id": "openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream",
"product": {
"name": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream",
"product_id": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream",
"product": {
"name": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream",
"product_id": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream",
"product": {
"name": "openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream",
"product_id": "openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream",
"product": {
"name": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream",
"product_id": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"product": {
"name": "openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"product_id": "openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"product": {
"name": "openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"product_id": "openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream",
"product": {
"name": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream",
"product_id": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream",
"product": {
"name": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream",
"product_id": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream",
"product": {
"name": "openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream",
"product_id": "openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"product": {
"name": "openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"product_id": "openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream",
"product": {
"name": "openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream",
"product_id": "openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream",
"product": {
"name": "openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream",
"product_id": "openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream",
"product": {
"name": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream",
"product_id": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"product": {
"name": "openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"product_id": "openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"product": {
"name": "openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"product_id": "openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"product": {
"name": "openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"product_id": "openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"product": {
"name": "openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"product_id": "openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream",
"product": {
"name": "openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream",
"product_id": "openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream",
"product_id": "openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream",
"product_id": "openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream",
"product_id": "openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream",
"product_id": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream",
"product_id": "openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream",
"product_id": "openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream",
"product_id": "openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream",
"product_id": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream",
"product_id": "openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream",
"product_id": "openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream",
"product_id": "openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream",
"product_id": "openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream",
"product_id": "openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream",
"product_id": "openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream",
"product_id": "openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream",
"product_id": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream",
"product_id": "openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream",
"product_id": "openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream",
"product_id": "openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream",
"product_id": "openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream",
"product_id": "openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream",
"product_id": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream",
"product_id": "openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream",
"product_id": "openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream",
"product_id": "openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream",
"product_id": "openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream",
"product_id": "openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream",
"product": {
"name": "openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream",
"product_id": "openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream",
"product": {
"name": "openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream",
"product_id": "openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8",
"product": {
"name": "openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8",
"product_id": "openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8"
}
},
{
"category": "product_version",
"name": "openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"product": {
"name": "openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"product_id": "openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"product": {
"name": "openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"product_id": "openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream",
"product": {
"name": "openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream",
"product_id": "openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream",
"product": {
"name": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream",
"product_id": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"product": {
"name": "openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"product_id": "openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream",
"product": {
"name": "openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream",
"product_id": "openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"product": {
"name": "openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"product_id": "openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"product": {
"name": "openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"product_id": "openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"product": {
"name": "openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"product_id": "openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"product": {
"name": "openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"product_id": "openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"product": {
"name": "openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"product_id": "openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"product": {
"name": "openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"product_id": "openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"product": {
"name": "openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"product_id": "openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"product": {
"name": "openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"product_id": "openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"product": {
"name": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"product_id": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"product": {
"name": "openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"product_id": "openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream",
"product": {
"name": "openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream",
"product_id": "openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream",
"product": {
"name": "openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream",
"product_id": "openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream",
"product": {
"name": "openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream",
"product_id": "openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream",
"product": {
"name": "openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream",
"product_id": "openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream",
"product": {
"name": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream",
"product_id": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream",
"product": {
"name": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream",
"product_id": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream",
"product": {
"name": "openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream",
"product_id": "openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream",
"product": {
"name": "openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream",
"product_id": "openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"product": {
"name": "openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"product_id": "openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream",
"product": {
"name": "openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream",
"product_id": "openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"product": {
"name": "openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"product_id": "openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"product": {
"name": "openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"product_id": "openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream",
"product": {
"name": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream",
"product_id": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream",
"product": {
"name": "openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream",
"product_id": "openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream",
"product": {
"name": "openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream",
"product_id": "openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream",
"product": {
"name": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream",
"product_id": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream",
"product": {
"name": "openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream",
"product_id": "openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream",
"product": {
"name": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream",
"product_id": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"product": {
"name": "openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"product_id": "openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"product": {
"name": "openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"product_id": "openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream",
"product": {
"name": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream",
"product_id": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"product": {
"name": "openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"product_id": "openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream",
"product": {
"name": "openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream",
"product_id": "openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream",
"product": {
"name": "openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream",
"product_id": "openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream",
"product": {
"name": "openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream",
"product_id": "openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream",
"product": {
"name": "openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream",
"product_id": "openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream",
"product": {
"name": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream",
"product_id": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"product": {
"name": "openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"product_id": "openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"product": {
"name": "openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"product_id": "openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream",
"product": {
"name": "openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream",
"product_id": "openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream",
"product": {
"name": "openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream",
"product_id": "openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream",
"product": {
"name": "openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream",
"product_id": "openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream",
"product": {
"name": "openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream",
"product_id": "openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream",
"product": {
"name": "openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream",
"product_id": "openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"product": {
"name": "openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"product_id": "openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"product": {
"name": "openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"product_id": "openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream",
"product": {
"name": "openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream",
"product_id": "openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"product": {
"name": "openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"product_id": "openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"product": {
"name": "openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"product_id": "openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"product": {
"name": "openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"product_id": "openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"product": {
"name": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"product_id": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream",
"product": {
"name": "openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream",
"product_id": "openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream",
"product": {
"name": "openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream",
"product_id": "openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream",
"product": {
"name": "openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream",
"product_id": "openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream",
"product": {
"name": "openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream",
"product_id": "openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream",
"product": {
"name": "openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream",
"product_id": "openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream",
"product": {
"name": "openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream",
"product_id": "openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream",
"product": {
"name": "openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream",
"product_id": "openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream",
"product": {
"name": "openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream",
"product_id": "openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream",
"product": {
"name": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream",
"product_id": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"product": {
"name": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"product_id": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"product": {
"name": "openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"product_id": "openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream",
"product": {
"name": "openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream",
"product_id": "openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"product": {
"name": "openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"product_id": "openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream",
"product": {
"name": "openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream",
"product_id": "openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"product": {
"name": "openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"product_id": "openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream",
"product": {
"name": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream",
"product_id": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream",
"product": {
"name": "openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream",
"product_id": "openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"product": {
"name": "openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"product_id": "openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream",
"product": {
"name": "openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream",
"product_id": "openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream",
"product": {
"name": "openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream",
"product_id": "openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"product": {
"name": "openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"product_id": "openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream",
"product": {
"name": "openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream",
"product_id": "openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"product": {
"name": "openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"product_id": "openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream",
"product": {
"name": "openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream",
"product_id": "openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream",
"product": {
"name": "openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream",
"product_id": "openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream",
"product": {
"name": "openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream",
"product_id": "openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream",
"product": {
"name": "openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream",
"product_id": "openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream",
"product": {
"name": "openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream",
"product_id": "openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream",
"product": {
"name": "openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream",
"product_id": "openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"product": {
"name": "openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"product_id": "openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"product": {
"name": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"product_id": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"product": {
"name": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"product_id": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"product": {
"name": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"product_id": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"product": {
"name": "openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"product_id": "openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"product": {
"name": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"product_id": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream",
"product": {
"name": "openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream",
"product_id": "openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream",
"product": {
"name": "openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream",
"product_id": "openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream",
"product": {
"name": "openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream",
"product_id": "openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream"
}
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream"
},
"product_reference": "openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream"
},
"product_reference": "openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream"
},
"product_reference": "openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream"
},
"product_reference": "openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream"
},
"product_reference": "openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream"
},
"product_reference": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream"
},
"product_reference": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream"
},
"product_reference": "openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream"
},
"product_reference": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream"
},
"product_reference": "openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream"
},
"product_reference": "openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream"
},
"product_reference": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream"
},
"product_reference": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream"
},
"product_reference": "openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream"
},
"product_reference": "openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream"
},
"product_reference": "openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream"
},
"product_reference": "openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream"
},
"product_reference": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream"
},
"product_reference": "openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream"
},
"product_reference": "openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream"
},
"product_reference": "openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream"
},
"product_reference": "openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream"
},
"product_reference": "openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream"
},
"product_reference": "openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream"
},
"product_reference": "openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8 as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8"
},
"product_reference": "openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream"
},
"product_reference": "openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream"
},
"product_reference": "openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream"
},
"product_reference": "openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream"
},
"product_reference": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream"
},
"product_reference": "openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream"
},
"product_reference": "openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream"
},
"product_reference": "openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream"
},
"product_reference": "openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream"
},
"product_reference": "openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream"
},
"product_reference": "openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream"
},
"product_reference": "openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream"
},
"product_reference": "openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream"
},
"product_reference": "openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream"
},
"product_reference": "openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream"
},
"product_reference": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream"
},
"product_reference": "openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream"
},
"product_reference": "openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream"
},
"product_reference": "openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream"
},
"product_reference": "openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream"
},
"product_reference": "openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream"
},
"product_reference": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream"
},
"product_reference": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream"
},
"product_reference": "openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream"
},
"product_reference": "openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream"
},
"product_reference": "openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream"
},
"product_reference": "openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream"
},
"product_reference": "openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream"
},
"product_reference": "openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream"
},
"product_reference": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream"
},
"product_reference": "openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream"
},
"product_reference": "openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream"
},
"product_reference": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream"
},
"product_reference": "openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream"
},
"product_reference": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream"
},
"product_reference": "openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream"
},
"product_reference": "openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream"
},
"product_reference": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream"
},
"product_reference": "openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream"
},
"product_reference": "openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream"
},
"product_reference": "openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream"
},
"product_reference": "openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream"
},
"product_reference": "openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream"
},
"product_reference": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream"
},
"product_reference": "openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream"
},
"product_reference": "openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream"
},
"product_reference": "openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream"
},
"product_reference": "openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream"
},
"product_reference": "openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream"
},
"product_reference": "openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream"
},
"product_reference": "openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream"
},
"product_reference": "openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream"
},
"product_reference": "openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream"
},
"product_reference": "openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream"
},
"product_reference": "openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream"
},
"product_reference": "openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream"
},
"product_reference": "openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream"
},
"product_reference": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream"
},
"product_reference": "openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream"
},
"product_reference": "openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream"
},
"product_reference": "openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream"
},
"product_reference": "openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream"
},
"product_reference": "openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream"
},
"product_reference": "openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream"
},
"product_reference": "openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream"
},
"product_reference": "openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream"
},
"product_reference": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream"
},
"product_reference": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream"
},
"product_reference": "openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream"
},
"product_reference": "openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream"
},
"product_reference": "openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream"
},
"product_reference": "openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream"
},
"product_reference": "openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream"
},
"product_reference": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream"
},
"product_reference": "openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream"
},
"product_reference": "openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream"
},
"product_reference": "openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream"
},
"product_reference": "openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream"
},
"product_reference": "openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream"
},
"product_reference": "openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream"
},
"product_reference": "openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream"
},
"product_reference": "openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream"
},
"product_reference": "openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream"
},
"product_reference": "openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream"
},
"product_reference": "openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream"
},
"product_reference": "openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream"
},
"product_reference": "openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream"
},
"product_reference": "openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream"
},
"product_reference": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream"
},
"product_reference": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream"
},
"product_reference": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream"
},
"product_reference": "openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream"
},
"product_reference": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream"
},
"product_reference": "openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream"
},
"product_reference": "openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream"
},
"product_reference": "openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3121",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"discovery_date": "2021-01-28T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this vulnerability is to availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3121",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121"
},
{
"category": "external",
"summary": "CVE-2021-3121",
"url": "https://access.redhat.com/security/cve/CVE-2021-3121"
},
{
"category": "external",
"summary": "bz#1921650: CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650"
}
],
"release_date": "2021-01-11T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:3759"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-28T00:00:00Z",
"details": "Important"
}
],
"title": "CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation"
},
{
"cve": "CVE-2021-26539",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-02-08T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1932362"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the \"allowedIframeHostnames\" option.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sanitize-html: improper handling of internationalized domain name (IDN) can lead to bypass hostname whitelist validation",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-26539",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26539"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-26539",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26539"
},
{
"category": "external",
"summary": "CVE-2021-26539",
"url": "https://access.redhat.com/security/cve/CVE-2021-26539"
},
{
"category": "external",
"summary": "bz#1932362: CVE-2021-26539 sanitize-html: improper handling of internationalized domain name (IDN) can lead to bypass hostname whitelist validation",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932362"
}
],
"release_date": "2021-01-22T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:3759"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-02-08T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2021-26539 sanitize-html: improper handling of internationalized domain name (IDN) can lead to bypass hostname whitelist validation"
},
{
"cve": "CVE-2021-26540",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-02-08T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1932323"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the \"allowedIframeHostnames\" option when the \"allowIframeRelativeUrls\" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with \"/\\\\example.com\".",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sanitize-html: improper validation of hostnames set by the \"allowedIframeHostnames\" option can lead to bypass hostname whitelist for iframe element",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-26540",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26540"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-26540",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26540"
},
{
"category": "external",
"summary": "CVE-2021-26540",
"url": "https://access.redhat.com/security/cve/CVE-2021-26540"
},
{
"category": "external",
"summary": "bz#1932323: CVE-2021-26540 sanitize-html: improper validation of hostnames set by the \"allowedIframeHostnames\" option can lead to bypass hostname whitelist for iframe element",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932323"
}
],
"release_date": "2021-01-26T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:3759"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-02-08T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2021-26540 sanitize-html: improper validation of hostnames set by the \"allowedIframeHostnames\" option can lead to bypass hostname whitelist for iframe element"
},
{
"cve": "CVE-2021-28092",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-03-12T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1939103"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in is-svg package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service (ReDoS).\r\nThe highest threat from this vulnerability is to availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-is-svg: ReDoS via malicious string",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-28092",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28092"
},
{
"category": "external",
"summary": "CVE-2021-28092",
"url": "https://access.redhat.com/security/cve/CVE-2021-28092"
},
{
"category": "external",
"summary": "bz#1939103: CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939103"
}
],
"release_date": "2021-03-11T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:3759"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-12T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string"
},
{
"cve": "CVE-2021-29059",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-06-22T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1974839"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in IS-SVG where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-is-svg: Regular expression denial of service if the application is provided and checks a crafted invalid SVG string",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-29059",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29059"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29059",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29059"
},
{
"category": "external",
"summary": "CVE-2021-29059",
"url": "https://access.redhat.com/security/cve/CVE-2021-29059"
},
{
"category": "external",
"summary": "bz#1974839: CVE-2021-29059 nodejs-is-svg: Regular expression denial of service if the application is provided and checks a crafted invalid SVG string",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974839"
}
],
"release_date": "2021-06-21T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:3759"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-22T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2021-29059 nodejs-is-svg: Regular expression denial of service if the application is provided and checks a crafted invalid SVG string"
},
{
"cve": "CVE-2021-31525",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2021-05-06T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc",
"url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc"
},
{
"category": "external",
"summary": "CVE-2021-31525",
"url": "https://access.redhat.com/security/cve/CVE-2021-31525"
},
{
"category": "external",
"summary": "bz#1958341: CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341"
}
],
"release_date": "2021-04-22T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:3759"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-05-06T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header"
},
{
"cve": "CVE-2021-32690",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-06-17T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1978144"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A vulnerability was discovered in Helm, which could allow credentials associated with one Helm repository to be leaked to another repository referenced by the first one. In order to exploit this vulnerability, an attacker would need to control a repository trusted by the configuration of the target Helm instance.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "information disclosure vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8"
],
"known_not_affected": [
"8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-32690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32690"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-32690",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32690"
},
{
"category": "external",
"summary": "https://github.com/helm/helm/security/advisories/GHSA-56hp-xqp3-w2jf",
"url": "https://github.com/helm/helm/security/advisories/GHSA-56hp-xqp3-w2jf"
},
{
"category": "external",
"summary": "CVE-2021-32690",
"url": "https://access.redhat.com/security/cve/CVE-2021-32690"
},
{
"category": "external",
"summary": "bz#1978144: information disclosure vulnerability",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1978144"
}
],
"release_date": "2021-06-16T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8"
],
"url": "https://access.redhat.com/errata/RHSA-2021:3759"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-17T00:00:00Z",
"details": "Moderate"
}
],
"title": "information disclosure vulnerability"
},
{
"cve": "CVE-2021-33194",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2021-05-20T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1963232"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in golang. An attacker can craft an input to ParseFragment within parse.go that would cause it to enter an infinite loop and never return. The greatest threat to the system is of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: x/net/html: infinite loop in ParseFragment",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33194"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33194",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33194"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ"
},
{
"category": "external",
"summary": "CVE-2021-33194",
"url": "https://access.redhat.com/security/cve/CVE-2021-33194"
},
{
"category": "external",
"summary": "bz#1963232: CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1963232"
}
],
"release_date": "2021-05-20T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:3759"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-05-20T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment"
},
{
"cve": "CVE-2021-33195",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-08-02T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net: lookup functions may return invalid host names",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33195",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33195"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
"url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
},
{
"category": "external",
"summary": "CVE-2021-33195",
"url": "https://access.redhat.com/security/cve/CVE-2021-33195"
},
{
"category": "external",
"summary": "bz#1989564: CVE-2021-33195 golang: net: lookup functions may return invalid host names",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564"
}
],
"release_date": "2021-05-18T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:3759"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-08-02T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2021-33195 golang: net: lookup functions may return invalid host names"
},
{
"cve": "CVE-2021-33197",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-08-02T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33197"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
"url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
},
{
"category": "external",
"summary": "CVE-2021-33197",
"url": "https://access.redhat.com/security/cve/CVE-2021-33197"
},
{
"category": "external",
"summary": "bz#1989570: CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570"
}
],
"release_date": "2021-05-21T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:3759"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-08-02T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty"
},
{
"cve": "CVE-2021-33198",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-08-02T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
"url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
},
{
"category": "external",
"summary": "CVE-2021-33198",
"url": "https://access.redhat.com/security/cve/CVE-2021-33198"
},
{
"category": "external",
"summary": "bz#1989575: CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575"
}
],
"release_date": "2021-03-10T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:3759"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-08-02T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents"
},
{
"cve": "CVE-2021-34558",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-07-14T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate\u0027s private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0\u20131.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream",
"8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream",
"8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558"
},
{
"category": "external",
"summary": "https://golang.org/doc/devel/release#go1.15.minor",
"url": "https://golang.org/doc/devel/release#go1.15.minor"
},
{
"category": "external",
"summary": "https://golang.org/doc/devel/release#go1.16.minor",
"url": "https://golang.org/doc/devel/release#go1.16.minor"
},
{
"category": "external",
"summary": "CVE-2021-34558",
"url": "https://access.redhat.com/security/cve/CVE-2021-34558"
},
{
"category": "external",
"summary": "bz#1983596: CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596"
}
],
"release_date": "2021-07-13T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2021:3759"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-14T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic"
}
]
}
gsd-2021-26540
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with "/\\example.com".
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-26540",
"description": "Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the \"allowedIframeHostnames\" option when the \"allowIframeRelativeUrls\" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with \"/\\\\example.com\".",
"id": "GSD-2021-26540",
"references": [
"https://access.redhat.com/errata/RHSA-2021:3759",
"https://access.redhat.com/errata/RHSA-2021:2438"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-26540"
],
"details": "Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the \"allowedIframeHostnames\" option when the \"allowIframeRelativeUrls\" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with \"/\\\\example.com\".",
"id": "GSD-2021-26540",
"modified": "2023-12-13T01:23:33.347763Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-26540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the \"allowedIframeHostnames\" option when the \"allowIframeRelativeUrls\" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with \"/\\\\example.com\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26",
"refsource": "MISC",
"url": "https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26"
},
{
"name": "https://github.com/apostrophecms/sanitize-html/pull/460",
"refsource": "MISC",
"url": "https://github.com/apostrophecms/sanitize-html/pull/460"
},
{
"name": "https://advisory.checkmarx.net/advisory/CX-2021-4309",
"refsource": "MISC",
"url": "https://advisory.checkmarx.net/advisory/CX-2021-4309"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c2.3.2",
"affected_versions": "All versions before 2.3.2",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2021-04-01",
"description": "sanitize-html does not properly validate the hostnames set by the `allowedIframeHostnames` option when the `allowIframeRelativeUrls` is set to true, which allows attackers to bypass the hostname allow list for an iframe element.",
"fixed_versions": [
"2.3.2"
],
"identifier": "CVE-2021-26540",
"identifiers": [
"CVE-2021-26540"
],
"not_impacted": "All versions starting from 2.3.2",
"package_slug": "npm/sanitize-html",
"pubdate": "2021-02-08",
"solution": "Upgrade to version 2.3.2 or above.",
"title": "Origin Validation Error",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-26540"
],
"uuid": "1e00e846-7301-49bb-8b74-007e58885922"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apostrophecms:sanitize-html:*:*:*:*:*:node.js:*:*",
"cpe_name": [],
"versionEndExcluding": "2.3.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-26540"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the \"allowedIframeHostnames\" option when the \"allowIframeRelativeUrls\" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with \"/\\\\example.com\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26",
"refsource": "MISC",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26"
},
{
"name": "https://github.com/apostrophecms/sanitize-html/pull/460",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/apostrophecms/sanitize-html/pull/460"
},
{
"name": "https://advisory.checkmarx.net/advisory/CX-2021-4309",
"refsource": "MISC",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://advisory.checkmarx.net/advisory/CX-2021-4309"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
},
"lastModifiedDate": "2021-04-01T15:02Z",
"publishedDate": "2021-02-08T17:15Z"
}
}
}
ghsa-mjxr-4v3x-q3m4
Vulnerability from github
Published
2021-05-06 16:10
Modified
2021-03-29 23:13
Severity
Summary
Improper Input Validation in sanitize-html
Details
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with "/\example.com".
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "sanitize-html"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-26540"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": true,
"github_reviewed_at": "2021-03-29T23:13:11Z",
"nvd_published_at": "2021-02-08T17:15:00Z",
"severity": "MODERATE"
},
"details": "Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the \"allowedIframeHostnames\" option when the \"allowIframeRelativeUrls\" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with \"/\\\\example.com\".",
"id": "GHSA-mjxr-4v3x-q3m4",
"modified": "2021-03-29T23:13:11Z",
"published": "2021-05-06T16:10:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26540"
},
{
"type": "WEB",
"url": "https://github.com/apostrophecms/sanitize-html/pull/460"
},
{
"type": "WEB",
"url": "https://advisory.checkmarx.net/advisory/CX-2021-4309"
},
{
"type": "WEB",
"url": "https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Improper Input Validation in sanitize-html"
}
Loading...