CVE-2021-29482 (GCVE-0-2021-29482)
Vulnerability from cvelistv5 – Published: 2021-04-28 18:15 – Updated: 2024-08-03 22:11 – CWE-835 – {"CWE-835":"Loop with Unreachable Exit Condition ('Infinite Loop')"}
| URL | Tags |
|---|---|
| https://github.com/ulikunitz/xz/security/advisori… | x_refsource_CONFIRM |
| https://github.com/ulikunitz/xz/commit/69c6093c7b… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:11:05.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ulikunitz/xz/security/advisories/GHSA-25xm-hr59-7c27"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "xz",
"vendor": "ulikunitz",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size of the compressed file input to a reasonable size for their use case. The standard library had recently the same issue and got the CVE-2020-16845 allocated."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "{\"CWE-835\":\"Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)\"}",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-28T18:15:15.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ulikunitz/xz/security/advisories/GHSA-25xm-hr59-7c27"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b"
}
],
"source": {
"advisory": "GHSA-25xm-hr59-7c27",
"discovery": "UNKNOWN"
},
"title": "denial of service in github.com/ulikunitz/xz",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-29482",
"STATE": "PUBLIC",
"TITLE": "denial of service in github.com/ulikunitz/xz"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xz",
"version": {
"version_data": [
{
"version_value": "\u003c 0.5.8"
}
]
}
}
]
},
"vendor_name": "ulikunitz"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size of the compressed file input to a reasonable size for their use case. The standard library had recently the same issue and got the CVE-2020-16845 allocated."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-835\":\"Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)\"}"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ulikunitz/xz/security/advisories/GHSA-25xm-hr59-7c27",
"refsource": "CONFIRM",
"url": "https://github.com/ulikunitz/xz/security/advisories/GHSA-25xm-hr59-7c27"
},
{
"name": "https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b",
"refsource": "MISC",
"url": "https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b"
}
]
},
"source": {
"advisory": "GHSA-25xm-hr59-7c27",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-29482",
"datePublished": "2021-04-28T18:15:15.000Z",
"dateReserved": "2021-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:11:05.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-29482",
"date": "2026-05-29",
"epss": "0.00433",
"percentile": "0.63008"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xz_project:xz:*:*:*:*:*:go:*:*\", \"versionEndExcluding\": \"0.5.8\", \"matchCriteriaId\": \"7BD33BAB-9C3D-43FF-B75B-D71DFB85DB88\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size of the compressed file input to a reasonable size for their use case. The standard library had recently the same issue and got the CVE-2020-16845 allocated.\"}, {\"lang\": \"es\", \"value\": \"xz es una biblioteca de compresi\\u00f3n y descompresi\\u00f3n que se centra en el formato xz escrito completamente en Go.\u0026#xa0;La funci\\u00f3n readUvarint utilizada para leer el formato contenedor xz no puede terminar un bucle y proporcionar una entrada maliciosa.\u0026#xa0;El problema ha sido corregido en la versi\\u00f3n v0.5.8.\u0026#xa0;Como soluci\\u00f3n alternativa, los usuarios pueden limitar el tama\\u00f1o de la entrada del archivo comprimido a un tama\\u00f1o razonable para su caso de uso.\u0026#xa0;La biblioteca est\\u00e1ndar tuvo recientemente el mismo problema y se le asign\\u00f3 el CVE-2020-16845\"}]",
"id": "CVE-2021-29482",
"lastModified": "2024-11-21T06:01:13.820",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2021-04-28T19:15:08.587",
"references": "[{\"url\": \"https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/ulikunitz/xz/security/advisories/GHSA-25xm-hr59-7c27\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/ulikunitz/xz/security/advisories/GHSA-25xm-hr59-7c27\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-835\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-29482\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2021-04-28T19:15:08.587\",\"lastModified\":\"2024-11-21T06:01:13.820\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size of the compressed file input to a reasonable size for their use case. The standard library had recently the same issue and got the CVE-2020-16845 allocated.\"},{\"lang\":\"es\",\"value\":\"xz es una biblioteca de compresi\u00f3n y descompresi\u00f3n que se centra en el formato xz escrito completamente en Go.\u0026#xa0;La funci\u00f3n readUvarint utilizada para leer el formato contenedor xz no puede terminar un bucle y proporcionar una entrada maliciosa.\u0026#xa0;El problema ha sido corregido en la versi\u00f3n v0.5.8.\u0026#xa0;Como soluci\u00f3n alternativa, los usuarios pueden limitar el tama\u00f1o de la entrada del archivo comprimido a un tama\u00f1o razonable para su caso de uso.\u0026#xa0;La biblioteca est\u00e1ndar tuvo recientemente el mismo problema y se le asign\u00f3 el 
CVE-2020-16845\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-835\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xz_project:xz:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"0.5.8\",\"matchCriteriaId\":\"7BD33BAB-9C3D-43FF-
B75B-D71DFB85DB88\"}]}]}],\"references\":[{\"url\":\"https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/ulikunitz/xz/security/advisories/GHSA-25xm-hr59-7c27\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/ulikunitz/xz/security/advisories/GHSA-25xm-hr59-7c27\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
RHSA-2022_0687
Vulnerability from csaf_redhat – Published: 2022-02-28 21:18 – Updated: 2024-12-17 21:54. A flaw was found in github.com/ulikunitz/xz. The function readUvarint may not terminate a loop, which could lead to denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:1cd2134419e7c7c1421ec68bbbe9a8b06da63b8221672a888d83056f02af16ed_amd64 | — | | Vendor Fix (fix) |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:994dbf4e76ba187e1066f2b68ca4a5dba3f4f32c481bdb324874df6d8e9f9c8c_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:dfc68db1acca3b88e5ddf1f5f89be3a6a333d6e7b89d754fa131e35b22666349_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:92f0845b726be3bdd0436961dc2d13da5b7b45d0a6f5d2371511b6e676bfd484_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:fe55f8e6d08bed2bd5925d504fbbd3ab7aa60287ed2baff44c583b814505baf8_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:c3345ec8a8702bb959fbdf44f1889ded94b9bcc8f357b4d4c7837ff3217b1221_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:1e492468f7bdcd5929a52161e4acdd9b70b89b57e85a8fad3328e354df9bc8a4_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e6f49b43014d3723fe364333eaf3b9aca65d739bcc346fba79573c78a11a513b_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:57ef82ab24f41c21719fcfa81cf49906f40219b96f2eb55db4a67995e620ad72_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:5f844dff42442699c1138d24739debefc4d99e9a7614adb65403787cf78e6880_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:f7b4f9749e9db856beeee9dc6225e28add8b2a3dc4a719fd4c23fc03b832d28e_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:fd6c2d463817001039aae27f6de069e0a729833167979944876e88dabbc59772_amd64 | — |
The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Image Specification, the manifest and index documents were not self-describing and documents with a single digest could be interpreted as either a manifest or an index. In the OCI Image Specification version 1.0.1 there is specified a recommendation that both manifest and index documents contain a `mediaType` field to identify the type of document.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:fe55f8e6d08bed2bd5925d504fbbd3ab7aa60287ed2baff44c583b814505baf8_amd64 | — | | Vendor Fix (fix) |
| Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:1cd2134419e7c7c1421ec68bbbe9a8b06da63b8221672a888d83056f02af16ed_amd64 | — | | Vendor Fix (fix) |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:994dbf4e76ba187e1066f2b68ca4a5dba3f4f32c481bdb324874df6d8e9f9c8c_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:dfc68db1acca3b88e5ddf1f5f89be3a6a333d6e7b89d754fa131e35b22666349_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:92f0845b726be3bdd0436961dc2d13da5b7b45d0a6f5d2371511b6e676bfd484_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:c3345ec8a8702bb959fbdf44f1889ded94b9bcc8f357b4d4c7837ff3217b1221_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:1e492468f7bdcd5929a52161e4acdd9b70b89b57e85a8fad3328e354df9bc8a4_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e6f49b43014d3723fe364333eaf3b9aca65d739bcc346fba79573c78a11a513b_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:57ef82ab24f41c21719fcfa81cf49906f40219b96f2eb55db4a67995e620ad72_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:5f844dff42442699c1138d24739debefc4d99e9a7614adb65403787cf78e6880_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:f7b4f9749e9db856beeee9dc6225e28add8b2a3dc4a719fd4c23fc03b832d28e_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:fd6c2d463817001039aae27f6de069e0a729833167979944876e88dabbc59772_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "OpenShift API for Data Protection (OADP) 1.0.1 is now available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.\n\nSecurity Fix(es):\n\n* ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)\n\n* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0687",
"url": "https://access.redhat.com/errata/RHSA-2022:0687"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1954368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954368"
},
{
"category": "external",
"summary": "2024938",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024938"
},
{
"category": "external",
"summary": "OADP-198",
"url": "https://issues.redhat.com/browse/OADP-198"
},
{
"category": "external",
"summary": "OADP-223",
"url": "https://issues.redhat.com/browse/OADP-223"
},
{
"category": "external",
"summary": "OADP-272",
"url": "https://issues.redhat.com/browse/OADP-272"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0687.json"
}
],
"title": "Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.0.1 security and bug fix update",
"tracking": {
"current_release_date": "2024-12-17T21:54:21+00:00",
"generator": {
"date": "2024-12-17T21:54:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2022:0687",
"initial_release_date": "2022-02-28T21:18:28+00:00",
"revision_history": [
{
"date": "2022-02-28T21:18:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-02-28T21:18:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T21:54:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-OADP-1.0",
"product": {
"name": "8Base-OADP-1.0",
"product_id": "8Base-OADP-1.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_api_data_protection:1.0::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift API for Data Protection"
},
{
"branches": [
{
"category": "product_version",
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:994dbf4e76ba187e1066f2b68ca4a5dba3f4f32c481bdb324874df6d8e9f9c8c_amd64",
"product": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:994dbf4e76ba187e1066f2b68ca4a5dba3f4f32c481bdb324874df6d8e9f9c8c_amd64",
"product_id": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:994dbf4e76ba187e1066f2b68ca4a5dba3f4f32c481bdb324874df6d8e9f9c8c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel8@sha256:994dbf4e76ba187e1066f2b68ca4a5dba3f4f32c481bdb324874df6d8e9f9c8c?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel8\u0026tag=1.0.1-4"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-mustgather-rhel8@sha256:dfc68db1acca3b88e5ddf1f5f89be3a6a333d6e7b89d754fa131e35b22666349_amd64",
"product": {
"name": "oadp/oadp-mustgather-rhel8@sha256:dfc68db1acca3b88e5ddf1f5f89be3a6a333d6e7b89d754fa131e35b22666349_amd64",
"product_id": "oadp/oadp-mustgather-rhel8@sha256:dfc68db1acca3b88e5ddf1f5f89be3a6a333d6e7b89d754fa131e35b22666349_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-mustgather-rhel8@sha256:dfc68db1acca3b88e5ddf1f5f89be3a6a333d6e7b89d754fa131e35b22666349?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel8\u0026tag=1.0.1-7"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-operator-bundle@sha256:92f0845b726be3bdd0436961dc2d13da5b7b45d0a6f5d2371511b6e676bfd484_amd64",
"product": {
"name": "oadp/oadp-operator-bundle@sha256:92f0845b726be3bdd0436961dc2d13da5b7b45d0a6f5d2371511b6e676bfd484_amd64",
"product_id": "oadp/oadp-operator-bundle@sha256:92f0845b726be3bdd0436961dc2d13da5b7b45d0a6f5d2371511b6e676bfd484_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-operator-bundle@sha256:92f0845b726be3bdd0436961dc2d13da5b7b45d0a6f5d2371511b6e676bfd484?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.0.1-10"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-rhel8-operator@sha256:c3345ec8a8702bb959fbdf44f1889ded94b9bcc8f357b4d4c7837ff3217b1221_amd64",
"product": {
"name": "oadp/oadp-rhel8-operator@sha256:c3345ec8a8702bb959fbdf44f1889ded94b9bcc8f357b4d4c7837ff3217b1221_amd64",
"product_id": "oadp/oadp-rhel8-operator@sha256:c3345ec8a8702bb959fbdf44f1889ded94b9bcc8f357b4d4c7837ff3217b1221_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-rhel8-operator@sha256:c3345ec8a8702bb959fbdf44f1889ded94b9bcc8f357b4d4c7837ff3217b1221?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-rhel8-operator\u0026tag=1.0.1-6"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-registry-rhel8@sha256:fe55f8e6d08bed2bd5925d504fbbd3ab7aa60287ed2baff44c583b814505baf8_amd64",
"product": {
"name": "oadp/oadp-registry-rhel8@sha256:fe55f8e6d08bed2bd5925d504fbbd3ab7aa60287ed2baff44c583b814505baf8_amd64",
"product_id": "oadp/oadp-registry-rhel8@sha256:fe55f8e6d08bed2bd5925d504fbbd3ab7aa60287ed2baff44c583b814505baf8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-registry-rhel8@sha256:fe55f8e6d08bed2bd5925d504fbbd3ab7aa60287ed2baff44c583b814505baf8?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-registry-rhel8\u0026tag=1.0.1-3"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-rhel8@sha256:fd6c2d463817001039aae27f6de069e0a729833167979944876e88dabbc59772_amd64",
"product": {
"name": "oadp/oadp-velero-rhel8@sha256:fd6c2d463817001039aae27f6de069e0a729833167979944876e88dabbc59772_amd64",
"product_id": "oadp/oadp-velero-rhel8@sha256:fd6c2d463817001039aae27f6de069e0a729833167979944876e88dabbc59772_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-rhel8@sha256:fd6c2d463817001039aae27f6de069e0a729833167979944876e88dabbc59772?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel8\u0026tag=1.0.1-5"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-rhel8@sha256:1cd2134419e7c7c1421ec68bbbe9a8b06da63b8221672a888d83056f02af16ed_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-rhel8@sha256:1cd2134419e7c7c1421ec68bbbe9a8b06da63b8221672a888d83056f02af16ed_amd64",
"product_id": "oadp/oadp-velero-plugin-rhel8@sha256:1cd2134419e7c7c1421ec68bbbe9a8b06da63b8221672a888d83056f02af16ed_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-rhel8@sha256:1cd2134419e7c7c1421ec68bbbe9a8b06da63b8221672a888d83056f02af16ed?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel8\u0026tag=1.0.1-5"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:1e492468f7bdcd5929a52161e4acdd9b70b89b57e85a8fad3328e354df9bc8a4_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:1e492468f7bdcd5929a52161e4acdd9b70b89b57e85a8fad3328e354df9bc8a4_amd64",
"product_id": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:1e492468f7bdcd5929a52161e4acdd9b70b89b57e85a8fad3328e354df9bc8a4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel8@sha256:1e492468f7bdcd5929a52161e4acdd9b70b89b57e85a8fad3328e354df9bc8a4?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel8\u0026tag=1.0.1-4"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e6f49b43014d3723fe364333eaf3b9aca65d739bcc346fba79573c78a11a513b_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e6f49b43014d3723fe364333eaf3b9aca65d739bcc346fba79573c78a11a513b_amd64",
"product_id": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e6f49b43014d3723fe364333eaf3b9aca65d739bcc346fba79573c78a11a513b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-csi-rhel8@sha256:e6f49b43014d3723fe364333eaf3b9aca65d739bcc346fba79573c78a11a513b?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-csi-rhel8\u0026tag=1.0.1-6"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:57ef82ab24f41c21719fcfa81cf49906f40219b96f2eb55db4a67995e620ad72_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:57ef82ab24f41c21719fcfa81cf49906f40219b96f2eb55db4a67995e620ad72_amd64",
"product_id": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:57ef82ab24f41c21719fcfa81cf49906f40219b96f2eb55db4a67995e620ad72_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel8@sha256:57ef82ab24f41c21719fcfa81cf49906f40219b96f2eb55db4a67995e620ad72?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel8\u0026tag=1.0.1-4"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:5f844dff42442699c1138d24739debefc4d99e9a7614adb65403787cf78e6880_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:5f844dff42442699c1138d24739debefc4d99e9a7614adb65403787cf78e6880_amd64",
"product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:5f844dff42442699c1138d24739debefc4d99e9a7614adb65403787cf78e6880_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:5f844dff42442699c1138d24739debefc4d99e9a7614adb65403787cf78e6880?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel8\u0026tag=1.0.1-4"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:f7b4f9749e9db856beeee9dc6225e28add8b2a3dc4a719fd4c23fc03b832d28e_amd64",
"product": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:f7b4f9749e9db856beeee9dc6225e28add8b2a3dc4a719fd4c23fc03b832d28e_amd64",
"product_id": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:f7b4f9749e9db856beeee9dc6225e28add8b2a3dc4a719fd4c23fc03b832d28e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel8@sha256:f7b4f9749e9db856beeee9dc6225e28add8b2a3dc4a719fd4c23fc03b832d28e?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel8\u0026tag=1.0.1-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:994dbf4e76ba187e1066f2b68ca4a5dba3f4f32c481bdb324874df6d8e9f9c8c_amd64 as a component of 8Base-OADP-1.0",
"product_id": "8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:994dbf4e76ba187e1066f2b68ca4a5dba3f4f32c481bdb324874df6d8e9f9c8c_amd64"
},
"product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:994dbf4e76ba187e1066f2b68ca4a5dba3f4f32c481bdb324874df6d8e9f9c8c_amd64",
"relates_to_product_reference": "8Base-OADP-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-mustgather-rhel8@sha256:dfc68db1acca3b88e5ddf1f5f89be3a6a333d6e7b89d754fa131e35b22666349_amd64 as a component of 8Base-OADP-1.0",
"product_id": "8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:dfc68db1acca3b88e5ddf1f5f89be3a6a333d6e7b89d754fa131e35b22666349_amd64"
},
"product_reference": "oadp/oadp-mustgather-rhel8@sha256:dfc68db1acca3b88e5ddf1f5f89be3a6a333d6e7b89d754fa131e35b22666349_amd64",
"relates_to_product_reference": "8Base-OADP-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-operator-bundle@sha256:92f0845b726be3bdd0436961dc2d13da5b7b45d0a6f5d2371511b6e676bfd484_amd64 as a component of 8Base-OADP-1.0",
"product_id": "8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:92f0845b726be3bdd0436961dc2d13da5b7b45d0a6f5d2371511b6e676bfd484_amd64"
},
"product_reference": "oadp/oadp-operator-bundle@sha256:92f0845b726be3bdd0436961dc2d13da5b7b45d0a6f5d2371511b6e676bfd484_amd64",
"relates_to_product_reference": "8Base-OADP-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-registry-rhel8@sha256:fe55f8e6d08bed2bd5925d504fbbd3ab7aa60287ed2baff44c583b814505baf8_amd64 as a component of 8Base-OADP-1.0",
"product_id": "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:fe55f8e6d08bed2bd5925d504fbbd3ab7aa60287ed2baff44c583b814505baf8_amd64"
},
"product_reference": "oadp/oadp-registry-rhel8@sha256:fe55f8e6d08bed2bd5925d504fbbd3ab7aa60287ed2baff44c583b814505baf8_amd64",
"relates_to_product_reference": "8Base-OADP-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-rhel8-operator@sha256:c3345ec8a8702bb959fbdf44f1889ded94b9bcc8f357b4d4c7837ff3217b1221_amd64 as a component of 8Base-OADP-1.0",
"product_id": "8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:c3345ec8a8702bb959fbdf44f1889ded94b9bcc8f357b4d4c7837ff3217b1221_amd64"
},
"product_reference": "oadp/oadp-rhel8-operator@sha256:c3345ec8a8702bb959fbdf44f1889ded94b9bcc8f357b4d4c7837ff3217b1221_amd64",
"relates_to_product_reference": "8Base-OADP-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:1e492468f7bdcd5929a52161e4acdd9b70b89b57e85a8fad3328e354df9bc8a4_amd64 as a component of 8Base-OADP-1.0",
"product_id": "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:1e492468f7bdcd5929a52161e4acdd9b70b89b57e85a8fad3328e354df9bc8a4_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:1e492468f7bdcd5929a52161e4acdd9b70b89b57e85a8fad3328e354df9bc8a4_amd64",
"relates_to_product_reference": "8Base-OADP-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e6f49b43014d3723fe364333eaf3b9aca65d739bcc346fba79573c78a11a513b_amd64 as a component of 8Base-OADP-1.0",
"product_id": "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e6f49b43014d3723fe364333eaf3b9aca65d739bcc346fba79573c78a11a513b_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e6f49b43014d3723fe364333eaf3b9aca65d739bcc346fba79573c78a11a513b_amd64",
"relates_to_product_reference": "8Base-OADP-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:57ef82ab24f41c21719fcfa81cf49906f40219b96f2eb55db4a67995e620ad72_amd64 as a component of 8Base-OADP-1.0",
"product_id": "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:57ef82ab24f41c21719fcfa81cf49906f40219b96f2eb55db4a67995e620ad72_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:57ef82ab24f41c21719fcfa81cf49906f40219b96f2eb55db4a67995e620ad72_amd64",
"relates_to_product_reference": "8Base-OADP-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:5f844dff42442699c1138d24739debefc4d99e9a7614adb65403787cf78e6880_amd64 as a component of 8Base-OADP-1.0",
"product_id": "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:5f844dff42442699c1138d24739debefc4d99e9a7614adb65403787cf78e6880_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:5f844dff42442699c1138d24739debefc4d99e9a7614adb65403787cf78e6880_amd64",
"relates_to_product_reference": "8Base-OADP-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-rhel8@sha256:1cd2134419e7c7c1421ec68bbbe9a8b06da63b8221672a888d83056f02af16ed_amd64 as a component of 8Base-OADP-1.0",
"product_id": "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:1cd2134419e7c7c1421ec68bbbe9a8b06da63b8221672a888d83056f02af16ed_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-rhel8@sha256:1cd2134419e7c7c1421ec68bbbe9a8b06da63b8221672a888d83056f02af16ed_amd64",
"relates_to_product_reference": "8Base-OADP-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:f7b4f9749e9db856beeee9dc6225e28add8b2a3dc4a719fd4c23fc03b832d28e_amd64 as a component of 8Base-OADP-1.0",
"product_id": "8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:f7b4f9749e9db856beeee9dc6225e28add8b2a3dc4a719fd4c23fc03b832d28e_amd64"
},
"product_reference": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:f7b4f9749e9db856beeee9dc6225e28add8b2a3dc4a719fd4c23fc03b832d28e_amd64",
"relates_to_product_reference": "8Base-OADP-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-rhel8@sha256:fd6c2d463817001039aae27f6de069e0a729833167979944876e88dabbc59772_amd64 as a component of 8Base-OADP-1.0",
"product_id": "8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:fd6c2d463817001039aae27f6de069e0a729833167979944876e88dabbc59772_amd64"
},
"product_reference": "oadp/oadp-velero-rhel8@sha256:fd6c2d463817001039aae27f6de069e0a729833167979944876e88dabbc59772_amd64",
"relates_to_product_reference": "8Base-OADP-1.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-29482",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-04-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:994dbf4e76ba187e1066f2b68ca4a5dba3f4f32c481bdb324874df6d8e9f9c8c_amd64",
"8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:dfc68db1acca3b88e5ddf1f5f89be3a6a333d6e7b89d754fa131e35b22666349_amd64",
"8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:92f0845b726be3bdd0436961dc2d13da5b7b45d0a6f5d2371511b6e676bfd484_amd64",
"8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:fe55f8e6d08bed2bd5925d504fbbd3ab7aa60287ed2baff44c583b814505baf8_amd64",
"8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:c3345ec8a8702bb959fbdf44f1889ded94b9bcc8f357b4d4c7837ff3217b1221_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:1e492468f7bdcd5929a52161e4acdd9b70b89b57e85a8fad3328e354df9bc8a4_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e6f49b43014d3723fe364333eaf3b9aca65d739bcc346fba79573c78a11a513b_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:57ef82ab24f41c21719fcfa81cf49906f40219b96f2eb55db4a67995e620ad72_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:5f844dff42442699c1138d24739debefc4d99e9a7614adb65403787cf78e6880_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:f7b4f9749e9db856beeee9dc6225e28add8b2a3dc4a719fd4c23fc03b832d28e_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:fd6c2d463817001039aae27f6de069e0a729833167979944876e88dabbc59772_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1954368"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in github.com/ulikunitz/xz. The function readUvarint may not terminate a loop, which could lead to a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ulikunitz/xz: Infinite loop in readUvarint allows for denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM) and Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected components are behind OpenShift OAuth authentication, therefore the impact is low.\nIn OCP before 4.7 the buildah, skopeo and podman packages include a vulnerable version of github.com/ulikunitz/xz, but these OCP releases are already in the Maintenance Phase of support, hence the affected components are marked as wontfix. This may be fixed in the future.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:1cd2134419e7c7c1421ec68bbbe9a8b06da63b8221672a888d83056f02af16ed_amd64"
],
"known_not_affected": [
"8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:994dbf4e76ba187e1066f2b68ca4a5dba3f4f32c481bdb324874df6d8e9f9c8c_amd64",
"8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:dfc68db1acca3b88e5ddf1f5f89be3a6a333d6e7b89d754fa131e35b22666349_amd64",
"8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:92f0845b726be3bdd0436961dc2d13da5b7b45d0a6f5d2371511b6e676bfd484_amd64",
"8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:fe55f8e6d08bed2bd5925d504fbbd3ab7aa60287ed2baff44c583b814505baf8_amd64",
"8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:c3345ec8a8702bb959fbdf44f1889ded94b9bcc8f357b4d4c7837ff3217b1221_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:1e492468f7bdcd5929a52161e4acdd9b70b89b57e85a8fad3328e354df9bc8a4_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e6f49b43014d3723fe364333eaf3b9aca65d739bcc346fba79573c78a11a513b_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:57ef82ab24f41c21719fcfa81cf49906f40219b96f2eb55db4a67995e620ad72_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:5f844dff42442699c1138d24739debefc4d99e9a7614adb65403787cf78e6880_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:f7b4f9749e9db856beeee9dc6225e28add8b2a3dc4a719fd4c23fc03b832d28e_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:fd6c2d463817001039aae27f6de069e0a729833167979944876e88dabbc59772_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-29482"
},
{
"category": "external",
"summary": "RHBZ#1954368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954368"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-29482",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29482"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29482",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29482"
}
],
"release_date": "2020-08-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-02-28T21:18:28+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:1cd2134419e7c7c1421ec68bbbe9a8b06da63b8221672a888d83056f02af16ed_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0687"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:994dbf4e76ba187e1066f2b68ca4a5dba3f4f32c481bdb324874df6d8e9f9c8c_amd64",
"8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:dfc68db1acca3b88e5ddf1f5f89be3a6a333d6e7b89d754fa131e35b22666349_amd64",
"8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:92f0845b726be3bdd0436961dc2d13da5b7b45d0a6f5d2371511b6e676bfd484_amd64",
"8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:fe55f8e6d08bed2bd5925d504fbbd3ab7aa60287ed2baff44c583b814505baf8_amd64",
"8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:c3345ec8a8702bb959fbdf44f1889ded94b9bcc8f357b4d4c7837ff3217b1221_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:1e492468f7bdcd5929a52161e4acdd9b70b89b57e85a8fad3328e354df9bc8a4_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e6f49b43014d3723fe364333eaf3b9aca65d739bcc346fba79573c78a11a513b_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:57ef82ab24f41c21719fcfa81cf49906f40219b96f2eb55db4a67995e620ad72_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:5f844dff42442699c1138d24739debefc4d99e9a7614adb65403787cf78e6880_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:1cd2134419e7c7c1421ec68bbbe9a8b06da63b8221672a888d83056f02af16ed_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:f7b4f9749e9db856beeee9dc6225e28add8b2a3dc4a719fd4c23fc03b832d28e_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:fd6c2d463817001039aae27f6de069e0a729833167979944876e88dabbc59772_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ulikunitz/xz: Infinite loop in readUvarint allows for denial of service"
},
{
"cve": "CVE-2021-41190",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2021-11-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:994dbf4e76ba187e1066f2b68ca4a5dba3f4f32c481bdb324874df6d8e9f9c8c_amd64",
"8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:dfc68db1acca3b88e5ddf1f5f89be3a6a333d6e7b89d754fa131e35b22666349_amd64",
"8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:92f0845b726be3bdd0436961dc2d13da5b7b45d0a6f5d2371511b6e676bfd484_amd64",
"8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:c3345ec8a8702bb959fbdf44f1889ded94b9bcc8f357b4d4c7837ff3217b1221_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:1e492468f7bdcd5929a52161e4acdd9b70b89b57e85a8fad3328e354df9bc8a4_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e6f49b43014d3723fe364333eaf3b9aca65d739bcc346fba79573c78a11a513b_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:57ef82ab24f41c21719fcfa81cf49906f40219b96f2eb55db4a67995e620ad72_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:5f844dff42442699c1138d24739debefc4d99e9a7614adb65403787cf78e6880_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:f7b4f9749e9db856beeee9dc6225e28add8b2a3dc4a719fd4c23fc03b832d28e_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:fd6c2d463817001039aae27f6de069e0a729833167979944876e88dabbc59772_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2024938"
}
],
"notes": [
{
"category": "description",
"text": "The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Image Specification, the manifest and index documents were not self-describing, and documents with a single digest could be interpreted as either a manifest or an index. OCI Image Specification version 1.0.1 specifies a recommendation that both manifest and index documents contain a `mediaType` field to identify the type of document.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "opencontainers: OCI manifest and index parsing confusion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "As a consequence of the OCI Image Specification (and OCI Distribution Specification [1]), container runtime engines (like containerd, moby - Docker Engine, cri-o) deliver updates to adopt the new `mediaType` field used for identification of the document type. Even though some Red Hat products rely on a container engine, the impact of this issue is LOW.\n\n[1] https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:fe55f8e6d08bed2bd5925d504fbbd3ab7aa60287ed2baff44c583b814505baf8_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:1cd2134419e7c7c1421ec68bbbe9a8b06da63b8221672a888d83056f02af16ed_amd64"
],
"known_not_affected": [
"8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:994dbf4e76ba187e1066f2b68ca4a5dba3f4f32c481bdb324874df6d8e9f9c8c_amd64",
"8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:dfc68db1acca3b88e5ddf1f5f89be3a6a333d6e7b89d754fa131e35b22666349_amd64",
"8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:92f0845b726be3bdd0436961dc2d13da5b7b45d0a6f5d2371511b6e676bfd484_amd64",
"8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:c3345ec8a8702bb959fbdf44f1889ded94b9bcc8f357b4d4c7837ff3217b1221_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:1e492468f7bdcd5929a52161e4acdd9b70b89b57e85a8fad3328e354df9bc8a4_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e6f49b43014d3723fe364333eaf3b9aca65d739bcc346fba79573c78a11a513b_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:57ef82ab24f41c21719fcfa81cf49906f40219b96f2eb55db4a67995e620ad72_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:5f844dff42442699c1138d24739debefc4d99e9a7614adb65403787cf78e6880_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:f7b4f9749e9db856beeee9dc6225e28add8b2a3dc4a719fd4c23fc03b832d28e_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:fd6c2d463817001039aae27f6de069e0a729833167979944876e88dabbc59772_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-41190"
},
{
"category": "external",
"summary": "RHBZ#2024938",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024938"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-41190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41190"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/security/advisories/GHSA-xmmx-7jpf-fx42",
"url": "https://github.com/moby/moby/security/advisories/GHSA-xmmx-7jpf-fx42"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m",
"url": "https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh",
"url": "https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh"
}
],
"release_date": "2021-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-02-28T21:18:28+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:fe55f8e6d08bed2bd5925d504fbbd3ab7aa60287ed2baff44c583b814505baf8_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:1cd2134419e7c7c1421ec68bbbe9a8b06da63b8221672a888d83056f02af16ed_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0687"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:994dbf4e76ba187e1066f2b68ca4a5dba3f4f32c481bdb324874df6d8e9f9c8c_amd64",
"8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:dfc68db1acca3b88e5ddf1f5f89be3a6a333d6e7b89d754fa131e35b22666349_amd64",
"8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:92f0845b726be3bdd0436961dc2d13da5b7b45d0a6f5d2371511b6e676bfd484_amd64",
"8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:fe55f8e6d08bed2bd5925d504fbbd3ab7aa60287ed2baff44c583b814505baf8_amd64",
"8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:c3345ec8a8702bb959fbdf44f1889ded94b9bcc8f357b4d4c7837ff3217b1221_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:1e492468f7bdcd5929a52161e4acdd9b70b89b57e85a8fad3328e354df9bc8a4_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e6f49b43014d3723fe364333eaf3b9aca65d739bcc346fba79573c78a11a513b_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:57ef82ab24f41c21719fcfa81cf49906f40219b96f2eb55db4a67995e620ad72_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:5f844dff42442699c1138d24739debefc4d99e9a7614adb65403787cf78e6880_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:1cd2134419e7c7c1421ec68bbbe9a8b06da63b8221672a888d83056f02af16ed_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:f7b4f9749e9db856beeee9dc6225e28add8b2a3dc4a719fd4c23fc03b832d28e_amd64",
"8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:fd6c2d463817001039aae27f6de069e0a729833167979944876e88dabbc59772_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "opencontainers: OCI manifest and index parsing confusion"
}
]
}
RHSA-2022_1276
Vulnerability from csaf_redhat - Published: 2022-04-07 18:02 - Updated: 2024-12-17 21:56
A flaw was found in golang.org. In x/text, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64 | — |
A flaw was found in golang.org. In x/text, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64 | — |
A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this vulnerability is to availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64 | — |
A Regular Expression Denial of Service (ReDoS) vulnerability was found in the Node.js axios library. This flaw allows an attacker to provide crafted input to the trim function, which might cause high resource consumption and, as a consequence, lead to denial of service. The highest threat from this vulnerability is to system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64 | — |
A flaw was found in github.com/ulikunitz/xz. The function readUvarint may not terminate its loop, which could lead to denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64 | — |
A flaw was found in golang. Extraneous zero characters at the beginning of an IP address octet are not properly considered, which could allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src | — |
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src | — |
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64 | — |
Workaround
|
A race condition flaw was found in Go. The incoming request's body was not closed after a handler panic, and as a consequence this could lead to a ReverseProxy crash. The highest threat from this vulnerability is to availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src | — |
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src | — |
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src | — |
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src | — |
Workaround
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64 | — |
Workaround
|
There's an input validation flaw in golang.org/x/crypto's readCipherPacket() function. An unauthenticated attacker who sends an empty plaintext packet to a program linked with golang.org/x/crypto/ssh could cause a panic, potentially leading to denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64 | — |
A flaw was found in envoy. A crafted request can potentially trigger a NULL pointer dereference when using a WT filter safe_regex match.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64 | — |
A flaw was found in envoy. If the amount of buffered data by envoy goes over the limit, the buffer may overflow while a response is being processed by the filter chain. This issue possibly causes the operation to abort incorrectly, resulting in the access of a freed memory block.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64 | — |
A flaw was found in envoy. If a downstream source disconnects during upstream connection establishment when tunneling TCP over HTTP, a use-after-free can occur, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64 | — |
A flaw was found in envoy. When certificate validation settings are changed, incorrect configuration handling allows TLS session reuse without revalidation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64 | — |
A flaw was found in envoy. Due to incorrect handling in the common router, a segfault is possible when internal redirects target routes with a direct response entry.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64 | — |
A flaw was found in envoy. When a cluster is deleted via the Cluster Discovery Service, a stack exhaustion may occur.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64 | — |
A flaw was found in istio. This flaw allows an attacker to send a specially crafted message to istiod, causing the control plane to crash.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64 | — |
A stack exhaustion flaw was found in the Istio control plane. This flaw allows a remote unauthenticated attacker to send a specially crafted or oversized message to crash the control plane process, resulting in a denial of service condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64 | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src | — | ||
| Unresolved product id: 8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 2.0.9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nThis advisory covers the RPM packages for the release.\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* envoy: Incorrect configuration handling allows mTLS session re-use without re-validation (CVE-2022-21654)\n\n* envoy: Incorrect handling of internal redirects to routes with a direct response entry (CVE-2022-21655)\n\n* istio: Unauthenticated control plane denial of service attack due to stack exhaustion (CVE-2022-24726)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)\n\n* nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749)\n\n* ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)\n\n* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)\n\n* golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)\n\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* envoy: Null pointer dereference when using JWT filter safe_regex match (CVE-2021-43824)\n\n* envoy: Use-after-free when response filters increase response data (CVE-2021-43825)\n\n* envoy: Use-after-free when tunneling TCP over HTTP (CVE-2021-43826)\n\n* envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service (CVE-2022-23606)\n\n* istio: unauthenticated control plane denial of service attack (CVE-2022-23635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE 
page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:1276",
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1913333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913333"
},
{
"category": "external",
"summary": "1913338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913338"
},
{
"category": "external",
"summary": "1921650",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650"
},
{
"category": "external",
"summary": "1954368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954368"
},
{
"category": "external",
"summary": "1992006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992006"
},
{
"category": "external",
"summary": "1995656",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995656"
},
{
"category": "external",
"summary": "1999784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999784"
},
{
"category": "external",
"summary": "2030787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030787"
},
{
"category": "external",
"summary": "2050744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050744"
},
{
"category": "external",
"summary": "2050746",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050746"
},
{
"category": "external",
"summary": "2050748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050748"
},
{
"category": "external",
"summary": "2050753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050753"
},
{
"category": "external",
"summary": "2050757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050757"
},
{
"category": "external",
"summary": "2050758",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050758"
},
{
"category": "external",
"summary": "2057277",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057277"
},
{
"category": "external",
"summary": "2061638",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061638"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1276.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.0.9 security update",
"tracking": {
"current_release_date": "2024-12-17T21:56:02+00:00",
"generator": {
"date": "2024-12-17T21:56:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2022:1276",
"initial_release_date": "2022-04-07T18:02:07+00:00",
"revision_history": [
{
"date": "2022-04-07T18:02:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-04-07T18:02:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T21:56:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Service Mesh 2.0",
"product": {
"name": "OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.0::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "kiali-0:v1.24.7.redhat1-1.el8.src",
"product": {
"name": "kiali-0:v1.24.7.redhat1-1.el8.src",
"product_id": "kiali-0:v1.24.7.redhat1-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kiali@v1.24.7.redhat1-1.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "servicemesh-proxy-0:2.0.9-3.el8.src",
"product": {
"name": "servicemesh-proxy-0:2.0.9-3.el8.src",
"product_id": "servicemesh-proxy-0:2.0.9-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-proxy@2.0.9-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "servicemesh-operator-0:2.0.9-3.el8.src",
"product": {
"name": "servicemesh-operator-0:2.0.9-3.el8.src",
"product_id": "servicemesh-operator-0:2.0.9-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-operator@2.0.9-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "servicemesh-0:2.0.9-3.el8.src",
"product": {
"name": "servicemesh-0:2.0.9-3.el8.src",
"product_id": "servicemesh-0:2.0.9-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh@2.0.9-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"product": {
"name": "servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"product_id": "servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-prometheus@2.14.0-16.el8.1?arch=src"
}
}
},
{
"category": "product_version",
"name": "servicemesh-cni-0:2.0.9-3.el8.src",
"product": {
"name": "servicemesh-cni-0:2.0.9-3.el8.src",
"product_id": "servicemesh-cni-0:2.0.9-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-cni@2.0.9-3.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"product": {
"name": "kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"product_id": "kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kiali@v1.24.7.redhat1-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "servicemesh-proxy-0:2.0.9-3.el8.x86_64",
"product": {
"name": "servicemesh-proxy-0:2.0.9-3.el8.x86_64",
"product_id": "servicemesh-proxy-0:2.0.9-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-proxy@2.0.9-3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "servicemesh-operator-0:2.0.9-3.el8.x86_64",
"product": {
"name": "servicemesh-operator-0:2.0.9-3.el8.x86_64",
"product_id": "servicemesh-operator-0:2.0.9-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-operator@2.0.9-3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "servicemesh-0:2.0.9-3.el8.x86_64",
"product": {
"name": "servicemesh-0:2.0.9-3.el8.x86_64",
"product_id": "servicemesh-0:2.0.9-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh@2.0.9-3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"product": {
"name": "servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"product_id": "servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-istioctl@2.0.9-3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"product": {
"name": "servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"product_id": "servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-mixc@2.0.9-3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"product": {
"name": "servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"product_id": "servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-mixs@2.0.9-3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"product": {
"name": "servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"product_id": "servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-pilot-agent@2.0.9-3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"product": {
"name": "servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"product_id": "servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-pilot-discovery@2.0.9-3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"product": {
"name": "servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"product_id": "servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-prometheus@2.14.0-16.el8.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "servicemesh-cni-0:2.0.9-3.el8.x86_64",
"product": {
"name": "servicemesh-cni-0:2.0.9-3.el8.x86_64",
"product_id": "servicemesh-cni-0:2.0.9-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-cni@2.0.9-3.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"product": {
"name": "kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"product_id": "kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kiali@v1.24.7.redhat1-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"product": {
"name": "servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"product_id": "servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-proxy@2.0.9-3.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"product": {
"name": "servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"product_id": "servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-operator@2.0.9-3.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "servicemesh-0:2.0.9-3.el8.ppc64le",
"product": {
"name": "servicemesh-0:2.0.9-3.el8.ppc64le",
"product_id": "servicemesh-0:2.0.9-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh@2.0.9-3.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"product": {
"name": "servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"product_id": "servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-istioctl@2.0.9-3.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"product": {
"name": "servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"product_id": "servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-mixc@2.0.9-3.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"product": {
"name": "servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"product_id": "servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-mixs@2.0.9-3.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"product": {
"name": "servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"product_id": "servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-pilot-agent@2.0.9-3.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"product": {
"name": "servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"product_id": "servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-pilot-discovery@2.0.9-3.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"product": {
"name": "servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"product_id": "servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-prometheus@2.14.0-16.el8.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"product": {
"name": "servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"product_id": "servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-cni@2.0.9-3.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kiali-0:v1.24.7.redhat1-1.el8.s390x",
"product": {
"name": "kiali-0:v1.24.7.redhat1-1.el8.s390x",
"product_id": "kiali-0:v1.24.7.redhat1-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kiali@v1.24.7.redhat1-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "servicemesh-proxy-0:2.0.9-3.el8.s390x",
"product": {
"name": "servicemesh-proxy-0:2.0.9-3.el8.s390x",
"product_id": "servicemesh-proxy-0:2.0.9-3.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-proxy@2.0.9-3.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "servicemesh-operator-0:2.0.9-3.el8.s390x",
"product": {
"name": "servicemesh-operator-0:2.0.9-3.el8.s390x",
"product_id": "servicemesh-operator-0:2.0.9-3.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-operator@2.0.9-3.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "servicemesh-0:2.0.9-3.el8.s390x",
"product": {
"name": "servicemesh-0:2.0.9-3.el8.s390x",
"product_id": "servicemesh-0:2.0.9-3.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh@2.0.9-3.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"product": {
"name": "servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"product_id": "servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-istioctl@2.0.9-3.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "servicemesh-mixc-0:2.0.9-3.el8.s390x",
"product": {
"name": "servicemesh-mixc-0:2.0.9-3.el8.s390x",
"product_id": "servicemesh-mixc-0:2.0.9-3.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-mixc@2.0.9-3.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "servicemesh-mixs-0:2.0.9-3.el8.s390x",
"product": {
"name": "servicemesh-mixs-0:2.0.9-3.el8.s390x",
"product_id": "servicemesh-mixs-0:2.0.9-3.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-mixs@2.0.9-3.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"product": {
"name": "servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"product_id": "servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-pilot-agent@2.0.9-3.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"product": {
"name": "servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"product_id": "servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-pilot-discovery@2.0.9-3.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"product": {
"name": "servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"product_id": "servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-prometheus@2.14.0-16.el8.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "servicemesh-cni-0:2.0.9-3.el8.s390x",
"product": {
"name": "servicemesh-cni-0:2.0.9-3.el8.s390x",
"product_id": "servicemesh-cni-0:2.0.9-3.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-cni@2.0.9-3.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kiali-0:v1.24.7.redhat1-1.el8.ppc64le as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le"
},
"product_reference": "kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kiali-0:v1.24.7.redhat1-1.el8.s390x as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x"
},
"product_reference": "kiali-0:v1.24.7.redhat1-1.el8.s390x",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kiali-0:v1.24.7.redhat1-1.el8.src as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src"
},
"product_reference": "kiali-0:v1.24.7.redhat1-1.el8.src",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kiali-0:v1.24.7.redhat1-1.el8.x86_64 as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64"
},
"product_reference": "kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le"
},
"product_reference": "servicemesh-0:2.0.9-3.el8.ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x"
},
"product_reference": "servicemesh-0:2.0.9-3.el8.s390x",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-0:2.0.9-3.el8.src as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src"
},
"product_reference": "servicemesh-0:2.0.9-3.el8.src",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64"
},
"product_reference": "servicemesh-0:2.0.9-3.el8.x86_64",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-cni-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le"
},
"product_reference": "servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-cni-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x"
},
"product_reference": "servicemesh-cni-0:2.0.9-3.el8.s390x",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-cni-0:2.0.9-3.el8.src as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src"
},
"product_reference": "servicemesh-cni-0:2.0.9-3.el8.src",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-cni-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64"
},
"product_reference": "servicemesh-cni-0:2.0.9-3.el8.x86_64",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-istioctl-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le"
},
"product_reference": "servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-istioctl-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x"
},
"product_reference": "servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-istioctl-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64"
},
"product_reference": "servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-mixc-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le"
},
"product_reference": "servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-mixc-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x"
},
"product_reference": "servicemesh-mixc-0:2.0.9-3.el8.s390x",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-mixc-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64"
},
"product_reference": "servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-mixs-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le"
},
"product_reference": "servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-mixs-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x"
},
"product_reference": "servicemesh-mixs-0:2.0.9-3.el8.s390x",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-mixs-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64"
},
"product_reference": "servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-operator-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le"
},
"product_reference": "servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-operator-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x"
},
"product_reference": "servicemesh-operator-0:2.0.9-3.el8.s390x",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-operator-0:2.0.9-3.el8.src as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src"
},
"product_reference": "servicemesh-operator-0:2.0.9-3.el8.src",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-operator-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64"
},
"product_reference": "servicemesh-operator-0:2.0.9-3.el8.x86_64",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le"
},
"product_reference": "servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-pilot-agent-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x"
},
"product_reference": "servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64"
},
"product_reference": "servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le"
},
"product_reference": "servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x"
},
"product_reference": "servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64"
},
"product_reference": "servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le"
},
"product_reference": "servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-prometheus-0:2.14.0-16.el8.1.s390x as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x"
},
"product_reference": "servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-prometheus-0:2.14.0-16.el8.1.src as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src"
},
"product_reference": "servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64 as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64"
},
"product_reference": "servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-proxy-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le"
},
"product_reference": "servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-proxy-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x"
},
"product_reference": "servicemesh-proxy-0:2.0.9-3.el8.s390x",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-proxy-0:2.0.9-3.el8.src as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src"
},
"product_reference": "servicemesh-proxy-0:2.0.9-3.el8.src",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-proxy-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
},
"product_reference": "servicemesh-proxy-0:2.0.9-3.el8.x86_64",
"relates_to_product_reference": "8Base-OSSM-2.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28851",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"discovery_date": "2021-01-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1913333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org. In x/text, an \"index out of range\" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat products listed below include the affected version of \u0027golang.org/x/text\u0027; however, the language package is not being used, and hence they are rated as having a security impact of Low. A future update may address this issue.\n\n* Red Hat OpenShift Container Storage 4\n* OpenShift ServiceMesh (OSSM)\n* Red Hat Gluster Storage 3\n* Windows Container Support for Red Hat OpenShift\n\nOnly three components in OpenShift Container Platform include the affected package, \u0027golang.org/x/text/language\u0027: the installer, baremetal installer and thanos container images. All other components that include a version of \u0027golang.org/x/text\u0027 do not include the \u0027language\u0027 package and are therefore not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-28851"
},
{
"category": "external",
"summary": "RHBZ#1913333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28851",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28851"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28851",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28851"
}
],
"release_date": "2021-01-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:02:07+00:00",
"details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension"
},
{
"cve": "CVE-2020-28852",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"discovery_date": "2021-01-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1913338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/text: a \"slice bounds out of range\" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat products below include the affected version of \u0027golang.org/x/text\u0027; however, the language package is not used, and hence they are rated as having a security impact of Low. A future update may address this issue.\n\n* Red Hat OpenShift Container Storage 4\n* OpenShift ServiceMesh (OSSM)\n* Red Hat Gluster Storage 3\n* Windows Container Support for Red Hat OpenShift\n\nOnly three components in OpenShift Container Platform include the affected package, \u0027golang.org/x/text/language\u0027: the installer, baremetal installer and thanos container images. All other components that include a version of \u0027golang.org/x/text\u0027 do not include the \u0027language\u0027 package and are therefore not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-28852"
},
{
"category": "external",
"summary": "RHBZ#1913338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28852",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28852"
}
],
"release_date": "2021-01-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:02:07+00:00",
"details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag"
},
{
"cve": "CVE-2021-3121",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"discovery_date": "2021-01-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1921650"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this vulnerability is to availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM) and Red Hat OpenShift Jaeger (RHOSJ) all include code generated by github.com/gogo/protobuf to parse protobuf messages. However, no component is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate for OCP, OSSM and RHOSJ.\n\nOpenShift Virtualization includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no component of OpenShift Virtualization is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no RHACM component accepts protobuf messages from unauthenticated sources, and they are used with a limited scope, hence this vulnerability is rated Moderate for RHACM.\n\nRed Hat Cluster Application Migration (CAM) includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no CAM component is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate for CAM.\n\nCryostat-2 is affected as it does ship the gogo/protobuf library with its distribution, but the only use for protobuf would be the Kubernetes/OpenShift API server the operator communicates with, and that should be authenticated; hence it is affected with Moderate impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3121"
},
{
"category": "external",
"summary": "RHBZ#1921650",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3121",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121"
}
],
"release_date": "2021-01-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:02:07+00:00",
"details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation"
},
{
"cve": "CVE-2021-3749",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-08-31T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1999784"
}
],
"notes": [
{
"category": "description",
"text": "A Regular Expression Denial of Service (ReDoS) vulnerability was found in nodejs axios. This flaw allows an attacker to provide crafted input to the trim function, which might cause high resource consumption and as a consequence lead to denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-axios: Regular expression denial of service in trim function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* OpenShift Container Platform (OCP) grafana-container does package a vulnerable version of nodejs axios. However, because the instance is read only and behind OpenShift OAuth, the impact of this vulnerability is Low.\n\n* Red Hat Advanced Cluster Management for Kubernetes (RHACM) 2.1 and previous versions do contain a vulnerable version of nodejs axios; RHACM 2.2 onwards is not affected. For RHACM 2.1, because the instance is read only and behind OAuth, the impact of this vulnerability is Low.\n\n* Because Service Telemetry Framework 1.2 will be retiring soon and the flaw\u0027s impact is low, no update will be provided at this time for STF\u0027s service-telemetry-operator-container and smart-gateway-operator-container.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3749"
},
{
"category": "external",
"summary": "RHBZ#1999784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999784"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3749",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3749"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3749",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3749"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929",
"url": "https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31",
"url": "https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31"
}
],
"release_date": "2021-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:02:07+00:00",
"details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-axios: Regular expression denial of service in trim function"
},
{
"cve": "CVE-2021-29482",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-04-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1954368"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in github.com/ulikunitz/xz. The function readUvarint may not terminate a loop, which could lead to a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ulikunitz/xz: Infinite loop in readUvarint allows for denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM) and Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected components are behind OpenShift OAuth authentication; therefore the impact is low.\nIn OCP before 4.7 the buildah, skopeo and podman packages include a vulnerable version of github.com/ulikunitz/xz, but these OCP releases are already in the Maintenance Phase of support, hence the affected components are marked as wontfix. This may be fixed in the future.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-29482"
},
{
"category": "external",
"summary": "RHBZ#1954368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954368"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-29482",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29482"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29482",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29482"
}
],
"release_date": "2020-08-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:02:07+00:00",
"details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ulikunitz/xz: Infinite loop in readUvarint allows for denial of service"
},
{
"cve": "CVE-2021-29923",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-08-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1992006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Extraneous zero characters at the beginning of an IP address octet are not properly considered, which could allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability potentially affects any component written in Go that uses the net standard library and the ParseIP / ParseCIDR functions. There are components which might not use these functions, or might use them to parse IP addresses and not manage them in any way (only store information about the IP address). This reduces the severity of this vulnerability to Low for the following offerings:\n* OpenShift distributed tracing (formerly OpenShift Jaeger)\n* OpenShift Migration Toolkit for Containers\n* OpenShift Container Platform",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-29923"
},
{
"category": "external",
"summary": "RHBZ#1992006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-29923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29923",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29923"
},
{
"category": "external",
"summary": "https://sick.codes/sick-2021-016/",
"url": "https://sick.codes/sick-2021-016/"
}
],
"release_date": "2021-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:02:07+00:00",
"details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet"
},
{
"cve": "CVE-2021-36221",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2021-08-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1995656"
}
],
"notes": [
{
"category": "description",
"text": "A race condition flaw was found in Go. Incoming request bodies weren\u0027t closed after a handler panic, and as a consequence this could lead to a ReverseProxy crash. The highest threat from this vulnerability is to Availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: panic due to racy read of persistConn after handler panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the impacted RHOSP packages.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF1.3, no update will be provided at this time for the STF1.3 sg-core-container. Additionally, because Service Telemetry Framework 1.2 will be retiring soon, no update will be provided at this time for the STF1.2 smart-gateway-container.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-36221"
},
{
"category": "external",
"summary": "RHBZ#1995656",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995656"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-36221",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36221"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/uHACNfXAZqk",
"url": "https://groups.google.com/g/golang-announce/c/uHACNfXAZqk"
}
],
"release_date": "2021-08-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:02:07+00:00",
"details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: panic due to racy read of persistConn after handler panic"
},
{
"cve": "CVE-2021-43565",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-12-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030787"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s an input validation flaw in golang.org/x/crypto\u0027s readCipherPacket() function. An unauthenticated attacker who sends an empty plaintext packet to a program linked with golang.org/x/crypto/ssh could cause a panic, potentially leading to denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto: empty plaintext packet causes panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "go-toolset shipped with Red Hat Developer Tools - Compilers and golang shipped with Red Hat Enterprise Linux 8 are not affected by this flaw because they do not ship the vulnerable code (golang.org/x/crypto is a separate module, not part of the Go standard library).\n\nThis flaw was rated to have a Moderate impact because the vulnerable code is not shipped in the Go standard library and thus has a reduced impact on products compared with other flaws of this type.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-43565"
},
{
"category": "external",
"summary": "RHBZ#2030787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030787"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43565"
}
],
"release_date": "2021-12-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:02:07+00:00",
"details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/crypto: empty plaintext packet causes panic"
},
{
"cve": "CVE-2021-43824",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2022-02-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2050744"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in envoy. A crafted request can potentially trigger a NULL pointer dereference when using a JWT filter safe_regex match.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: Null pointer dereference when using JWT filter safe_regex match",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-43824"
},
{
"category": "external",
"summary": "RHBZ#2050744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050744"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43824",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43824"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43824",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43824"
},
{
"category": "external",
"summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vj5m-rch8-5r2p",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vj5m-rch8-5r2p"
}
],
"release_date": "2022-02-22T07:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:02:07+00:00",
"details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "envoy: Null pointer dereference when using JWT filter safe_regex match"
},
{
"cve": "CVE-2021-43825",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2022-02-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2050746"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in envoy. If the amount of data buffered by envoy goes over the limit while a response is being processed by the filter chain (for example, when a response filter increases the size of the response data), the buffer may overflow and the operation may be aborted incorrectly, resulting in access to a freed memory block (use-after-free).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: Use-after-free when response filters increase response data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-43825"
},
{
"category": "external",
"summary": "RHBZ#2050746",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050746"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43825",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43825"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43825",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43825"
},
{
"category": "external",
"summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh"
}
],
"release_date": "2022-02-22T07:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:02:07+00:00",
"details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "envoy: Use-after-free when response filters increase response data"
},
{
"cve": "CVE-2021-43826",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2022-02-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2050748"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in envoy. If a downstream source disconnects during upstream connection establishment when tunneling TCP over HTTP, a use-after-free can occur, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: Use-after-free when tunneling TCP over HTTP",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-43826"
},
{
"category": "external",
"summary": "RHBZ#2050748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050748"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43826",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43826"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43826",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43826"
},
{
"category": "external",
"summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf"
}
],
"release_date": "2022-02-22T07:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:02:07+00:00",
"details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "envoy: Use-after-free when tunneling TCP over HTTP"
},
{
"cve": "CVE-2022-21654",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2022-02-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2050753"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in envoy. When certificate validation settings are changed, incorrect configuration handling allows TLS session reuse without revalidation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: Incorrect configuration handling allows mTLS session re-use without re-validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21654"
},
{
"category": "external",
"summary": "RHBZ#2050753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050753"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21654",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21654"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21654",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21654"
},
{
"category": "external",
"summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5j4x-g36v-m283",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5j4x-g36v-m283"
}
],
"release_date": "2022-02-22T07:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:02:07+00:00",
"details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "envoy: Incorrect configuration handling allows mTLS session re-use without re-validation"
},
{
"cve": "CVE-2022-21655",
"cwe": {
"id": "CWE-670",
"name": "Always-Incorrect Control Flow Implementation"
},
"discovery_date": "2022-02-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2050757"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in envoy. Due to incorrect handling in the common router, a segfault is possible when an internal redirect targets a route with a direct response entry.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: Incorrect handling of internal redirects to routes with a direct response entry",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21655"
},
{
"category": "external",
"summary": "RHBZ#2050757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050757"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21655",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21655"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21655",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21655"
},
{
"category": "external",
"summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7r5p-7fmh-jxpg",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7r5p-7fmh-jxpg"
}
],
"release_date": "2022-02-22T07:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:02:07+00:00",
"details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "envoy: Incorrect handling of internal redirects to routes with a direct response entry"
},
{
"cve": "CVE-2022-23606",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-02-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2050758"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in envoy. When a cluster is deleted via the Cluster Discovery Service, a stack exhaustion may occur.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23606"
},
{
"category": "external",
"summary": "RHBZ#2050758",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050758"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23606",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23606"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23606",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23606"
},
{
"category": "external",
"summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-9vp2-4cp7-vvxf",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-9vp2-4cp7-vvxf"
}
],
"release_date": "2022-02-22T07:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:02:07+00:00",
"details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service"
},
{
"cve": "CVE-2022-23635",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2022-02-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2057277"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in istio. This flaw allows an attacker to send a specially crafted message to istiod, causing the control plane to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "istio: unauthenticated control plane denial of service attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23635"
},
{
"category": "external",
"summary": "RHBZ#2057277",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057277"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23635"
},
{
"category": "external",
"summary": "https://istio.io/latest/news/security/istio-security-2022-003",
"url": "https://istio.io/latest/news/security/istio-security-2022-003"
}
],
"release_date": "2022-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:02:07+00:00",
"details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "istio: unauthenticated control plane denial of service attack"
},
{
"acknowledgments": [
{
"names": [
"Oliver Liu, John Howard and Jacob Delgado"
],
"organization": "Istio Product Security Working Group",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-24726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-03-08T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2061638"
}
],
"notes": [
{
"category": "description",
"text": "A stack exhaustion flaw was found in the Istio control plane. This flaw allows a remote unauthenticated attacker to send a specially crafted or oversized message to crash the control plane process, resulting in a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "istio: Unauthenticated control plane denial of service attack due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24726"
},
{
"category": "external",
"summary": "RHBZ#2061638",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061638"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24726",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24726"
},
{
"category": "external",
"summary": "https://istio.io/latest/news/security/istio-security-2022-004/",
"url": "https://istio.io/latest/news/security/istio-security-2022-004/"
}
],
"release_date": "2022-03-09T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:02:07+00:00",
"details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "istio: Unauthenticated control plane denial of service attack due to stack exhaustion"
}
]
}
RHSA-2022_2183
Vulnerability from csaf_redhat - Published: 2022-05-11 11:33 - Updated: 2024-12-17 21:57 A flaw was found in kubernetes. The parsing of YAML manifests by the Kubernetes API server could lead to a denial-of-service attack, leaving it vulnerable to an instance of a "billion laughs" attack. The highest threat from this vulnerability is to system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64 | — | ||
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64 | — |
The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64 | — | ||
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64 | — |
A flaw was found in containerd. Access controls for the shim's API socket verified that a connecting process had an effective UID of 0, but otherwise did not restrict access to the abstract Unix domain socket. This could allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64 | — | ||
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64 | — |
A flaw was found in github.com/ulikunitz/xz. The function readUvarint may not terminate a loop, which could lead to denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64 | — | ||
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64 | — |
A flaw was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64 | — | ||
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenStack Platform 16.2 (Train) director Operator containers are\navailable for technology preview.",
"title": "Topic"
},
{
"category": "general",
"text": "Release osp-director-operator images\n\nSecurity Fix(es):\n\n* golang: kubernetes: YAML parsing vulnerable to \"Billion Laughs\" attack, allowing for remote denial of service (CVE-2019-11253)\n* golang: golang-github-miekg-dns: predictable TXID can lead to response forgeries (CVE-2019-19794)\n* golang: containerd: unrestricted access to abstract Unix domain socket can lead to privilege escalation (CVE-2020-15257)\n* golang: ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)\n* golang: containerd: pulling and extracting crafted container image may result in Unix file permission changes (CVE-2021-32760)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:2183",
"url": "https://access.redhat.com/errata/RHSA-2022:2183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1757701",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1757701"
},
{
"category": "external",
"summary": "1786761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1786761"
},
{
"category": "external",
"summary": "1899487",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899487"
},
{
"category": "external",
"summary": "1954368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954368"
},
{
"category": "external",
"summary": "1982681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982681"
},
{
"category": "external",
"summary": "2079447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079447"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_2183.json"
}
],
"title": "Red Hat Security Advisory: Release of containers for OSP 16.2.z director operator tech preview",
"tracking": {
"current_release_date": "2024-12-17T21:57:06+00:00",
"generator": {
"date": "2024-12-17T21:57:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2022:2183",
"initial_release_date": "2022-05-11T11:33:14+00:00",
"revision_history": [
{
"date": "2022-05-11T11:33:14+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-05-11T11:33:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T21:57:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 16.2",
"product": {
"name": "Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:16.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64",
"product": {
"name": "rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64",
"product_id": "rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb?arch=amd64\u0026repository_url=registry.redhat.io/rhosp-rhel8-tech-preview/osp-director-downloader\u0026tag=1.2.3-2"
}
}
},
{
"category": "product_version",
"name": "rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64",
"product": {
"name": "rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64",
"product_id": "rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d?arch=amd64\u0026repository_url=registry.redhat.io/rhosp-rhel8-tech-preview/osp-director-operator-bundle\u0026tag=1.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64",
"product": {
"name": "rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64",
"product_id": "rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56?arch=amd64\u0026repository_url=registry.redhat.io/rhosp-rhel8-tech-preview/osp-director-operator\u0026tag=1.2.3-2"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64"
},
"product_reference": "rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64"
},
"product_reference": "rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64"
},
"product_reference": "rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64",
"relates_to_product_reference": "8Base-RHOS-16.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-11253",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-10-01T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64",
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1757701"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in kubernetes. The parsing of YAML manifests by the Kubernetes API server could lead to a denial-of-service attack, leaving it vulnerable to an instance of a \"billion laughs\" attack. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kubernetes: YAML parsing vulnerable to \"Billion Laughs\" attack, allowing for remote denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For Red Hat OpenStack Platform, because kubernetes is not directly used in director-operator, the RHOSP Impact has been moved to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64"
],
"known_not_affected": [
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64",
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11253"
},
{
"category": "external",
"summary": "RHBZ#1757701",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1757701"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11253",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11253"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11253",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11253"
},
{
"category": "external",
"summary": "https://www.stackrox.com/post/2019/09/protecting-kubernetes-api-against-cve-2019-11253-billion-laughs-attack/",
"url": "https://www.stackrox.com/post/2019/09/protecting-kubernetes-api-against-cve-2019-11253-billion-laughs-attack/"
}
],
"release_date": "2019-09-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-11T11:33:14+00:00",
"details": "OSP 16.2 Release - OSP Director Operator Containers tech preview",
"product_ids": [
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:2183"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64",
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64",
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kubernetes: YAML parsing vulnerable to \"Billion Laughs\" attack, allowing for remote denial of service"
},
{
"cve": "CVE-2019-19794",
"cwe": {
"id": "CWE-338",
"name": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
},
"discovery_date": "2019-12-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64",
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1786761"
}
],
"notes": [
{
"category": "description",
"text": "The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-github-miekg-dns: predictable TXID can lead to response forgeries",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64"
],
"known_not_affected": [
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64",
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-19794"
},
{
"category": "external",
"summary": "RHBZ#1786761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1786761"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-19794",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19794"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19794",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19794"
}
],
"release_date": "2019-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-11T11:33:14+00:00",
"details": "OSP 16.2 Release - OSP Director Operator Containers tech preview",
"product_ids": [
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:2183"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64",
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64",
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang-github-miekg-dns: predictable TXID can lead to response forgeries"
},
{
"cve": "CVE-2020-15257",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64",
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1899487"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in containerd. Access controls for the shim\u0027s API socket verified that a connecting process had an effective UID of 0, but otherwise did not restrict access to the abstract Unix domain socket. This could allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "containerd: unrestricted access to abstract Unix domain socket can lead to privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* The container runtime in OpenShift Container Platform 4 is cri-o, which is not affected by this flaw. It doesn\u0027t make use of abstract unix sockets like containerd, which is what made this vulnerability possible.\n\n* Red Hat Advanced Cluster Management for Kubernetes is not affected by this flaw. While containerd is included in the multicloud-operators-subscription image as a dependency of helm, it is not used in any way that exposes the abstract unix socket that is involved in this vulnerability.\n\n* The container-tools module in Red Hat Enterprise Linux is not affected by this flaw, as these packages do not use abstract unix sockets for container management.\n\n* For Red Hat OpenStack Platform, because containerd is not actually used in director-operator, the RHOSP Impact has been moved to Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64"
],
"known_not_affected": [
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64",
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-15257"
},
{
"category": "external",
"summary": "RHBZ#1899487",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899487"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-15257",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15257"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15257",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15257"
}
],
"release_date": "2020-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-11T11:33:14+00:00",
"details": "OSP 16.2 Release - OSP Director Operator Containers tech preview",
"product_ids": [
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:2183"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64",
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64",
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "containerd: unrestricted access to abstract Unix domain socket can lead to privilege escalation"
},
{
"cve": "CVE-2021-29482",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-04-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64",
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1954368"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in github.com/ulikunitz/xz. The function readUvarint may not terminate a loop, which could lead to denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ulikunitz/xz: Infinite loop in readUvarint allows for denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM) and Red Hat Advanced Cluster Management for Kubernetes (RHACM), the affected components are behind OpenShift OAuth authentication; therefore the impact is low.\nIn OCP before 4.7, the buildah, skopeo and podman packages include a vulnerable version of github.com/ulikunitz/xz, but these OCP releases are already in the Maintenance Phase of support, hence the affected components are marked as wontfix. This may be fixed in the future.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64"
],
"known_not_affected": [
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64",
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-29482"
},
{
"category": "external",
"summary": "RHBZ#1954368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954368"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-29482",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29482"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29482",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29482"
}
],
"release_date": "2020-08-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-11T11:33:14+00:00",
"details": "OSP 16.2 Release - OSP Director Operator Containers tech preview",
"product_ids": [
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:2183"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64",
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64",
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ulikunitz/xz: Infinite loop in readUvarint allows for denial of service"
},
{
"acknowledgments": [
{
"names": [
"distros"
],
"organization": "distros"
}
],
"cve": "CVE-2021-32760",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2021-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64",
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1982681"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host\u2019s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "containerd: pulling and extracting crafted container image may result in Unix file permission changes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64"
],
"known_not_affected": [
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64",
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-32760"
},
{
"category": "external",
"summary": "RHBZ#1982681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982681"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-32760",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32760"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-32760",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32760"
}
],
"release_date": "2021-07-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-11T11:33:14+00:00",
"details": "OSP 16.2 Release - OSP Director Operator Containers tech preview",
"product_ids": [
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:2183"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64",
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64",
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "containerd: pulling and extracting crafted container image may result in Unix file permission changes"
}
]
}
WID-SEC-W-2022-0970
Vulnerability from csaf_certbund – Published: 2022-04-07 22:00 – Updated: 2024-05-21 22:00
In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Container Platform 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4
|
Container Platform 4 |
In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Container Platform 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4
|
Container Platform 4 |
In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Container Platform 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4
|
Container Platform 4 |
In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Container Platform 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4
|
Container Platform 4 |
In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Container Platform 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4
|
Container Platform 4 |
In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Container Platform 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4
|
Container Platform 4 |
In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Container Platform 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4
|
Container Platform 4 |
In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Container Platform 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4
|
Container Platform 4 |
In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Container Platform 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4
|
Container Platform 4 |
In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Container Platform 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4
|
Container Platform 4 |
In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Container Platform 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4
|
Container Platform 4 |
In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Container Platform 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4
|
Container Platform 4 |
In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Container Platform 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4
|
Container Platform 4 |
In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Container Platform 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4
|
Container Platform 4 |
In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Container Platform 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4
|
Container Platform 4 |
In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Container Platform 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4
|
Container Platform 4 |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-0970 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0970.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-0970 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0970"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:4668 vom 2022-05-19",
"url": "https://access.redhat.com/errata/RHSA-2022:4668"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2022-04-07",
"url": "https://access.redhat.com/errata/RHSA-2022:1275"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2022-04-07",
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1679 vom 2022-05-10",
"url": "https://access.redhat.com/errata/RHSA-2022:1679"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-9362 vom 2022-05-09",
"url": "https://linux.oracle.com/errata/ELSA-2022-9362.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202208-02 vom 2022-08-09",
"url": "https://security.gentoo.org/glsa/202208-02"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-7129 vom 2022-10-26",
"url": "https://linux.oracle.com/errata/ELSA-2022-7129.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7129 vom 2022-10-25",
"url": "https://access.redhat.com/errata/RHSA-2022:7129"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7457 vom 2022-11-08",
"url": "https://access.redhat.com/errata/RHSA-2022:7457"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7954 vom 2022-11-15",
"url": "https://access.redhat.com/errata/RHSA-2022:7954"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2023-2303 vom 2023-10-20",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2303.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2944 vom 2024-05-21",
"url": "https://access.redhat.com/errata/RHSA-2024:2944"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenShift: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-05-21T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:33:04.107+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-0970",
"initial_release_date": "2022-04-07T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-04-07T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-05-10T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-05-18T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-08-09T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2022-10-25T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
},
{
"date": "2022-11-08T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-11-15T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-10-19T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-05-21T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "9"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "Container Platform 4",
"product": {
"name": "Red Hat OpenShift Container Platform 4",
"product_id": "T022509",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform_4"
}
}
},
{
"category": "product_version_range",
"name": "Service Mesh \u003c2.1.2",
"product": {
"name": "Red Hat OpenShift Service Mesh \u003c2.1.2",
"product_id": "T022580"
}
},
{
"category": "product_version_range",
"name": "Service Mesh \u003c2.0.9",
"product": {
"name": "Red Hat OpenShift Service Mesh \u003c2.0.9",
"product_id": "T022581"
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28851",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T012167",
"T004914",
"T022509"
]
},
"release_date": "2022-04-07T22:00:00.000+00:00",
"title": "CVE-2020-28851"
},
{
"cve": "CVE-2020-28852",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T012167",
"T004914",
"T022509"
]
},
"release_date": "2022-04-07T22:00:00.000+00:00",
"title": "CVE-2020-28852"
},
{
"cve": "CVE-2021-29482",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T012167",
"T004914",
"T022509"
]
},
"release_date": "2022-04-07T22:00:00.000+00:00",
"title": "CVE-2021-29482"
},
{
"cve": "CVE-2021-29923",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T012167",
"T004914",
"T022509"
]
},
"release_date": "2022-04-07T22:00:00.000+00:00",
"title": "CVE-2021-29923"
},
{
"cve": "CVE-2021-3121",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T012167",
"T004914",
"T022509"
]
},
"release_date": "2022-04-07T22:00:00.000+00:00",
"title": "CVE-2021-3121"
},
{
"cve": "CVE-2021-36221",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T012167",
"T004914",
"T022509"
]
},
"release_date": "2022-04-07T22:00:00.000+00:00",
"title": "CVE-2021-36221"
},
{
"cve": "CVE-2021-3749",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T012167",
"T004914",
"T022509"
]
},
"release_date": "2022-04-07T22:00:00.000+00:00",
"title": "CVE-2021-3749"
},
{
"cve": "CVE-2021-43565",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T012167",
"T004914",
"T022509"
]
},
"release_date": "2022-04-07T22:00:00.000+00:00",
"title": "CVE-2021-43565"
},
{
"cve": "CVE-2021-43824",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T012167",
"T004914",
"T022509"
]
},
"release_date": "2022-04-07T22:00:00.000+00:00",
"title": "CVE-2021-43824"
},
{
"cve": "CVE-2021-43825",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T012167",
"T004914",
"T022509"
]
},
"release_date": "2022-04-07T22:00:00.000+00:00",
"title": "CVE-2021-43825"
},
{
"cve": "CVE-2021-43826",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T012167",
"T004914",
"T022509"
]
},
"release_date": "2022-04-07T22:00:00.000+00:00",
"title": "CVE-2021-43826"
},
{
"cve": "CVE-2022-21654",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T012167",
"T004914",
"T022509"
]
},
"release_date": "2022-04-07T22:00:00.000+00:00",
"title": "CVE-2022-21654"
},
{
"cve": "CVE-2022-21655",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T012167",
"T004914",
"T022509"
]
},
"release_date": "2022-04-07T22:00:00.000+00:00",
"title": "CVE-2022-21655"
},
{
"cve": "CVE-2022-23606",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T012167",
"T004914",
"T022509"
]
},
"release_date": "2022-04-07T22:00:00.000+00:00",
"title": "CVE-2022-23606"
},
{
"cve": "CVE-2022-23635",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T012167",
"T004914",
"T022509"
]
},
"release_date": "2022-04-07T22:00:00.000+00:00",
"title": "CVE-2022-23635"
},
{
"cve": "CVE-2022-24726",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T012167",
"T004914",
"T022509"
]
},
"release_date": "2022-04-07T22:00:00.000+00:00",
"title": "CVE-2022-24726"
}
]
}