Vulnerability-Lookup

CVE-2021-44716 (GCVE-0-2021-44716)

Vulnerability from cvelistv5 – Published: 2022-01-01 00:00 – Updated: 2024-08-04 04:32

Summary

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

Assigner

mitre

References

7 references

URL	Tags
https://groups.google.com/g/golang-announce/c/hcm…
https://security.netapp.com/advisory/ntap-2022012…
https://lists.debian.org/debian-lts-announce/2022…	mailing-list
https://lists.debian.org/debian-lts-announce/2022…	mailing-list
https://security.gentoo.org/glsa/202208-02	vendor-advisory
https://cert-portal.siemens.com/productcert/pdf/s…
https://lists.debian.org/debian-lts-announce/2023…	mailing-list

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:32:12.278Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220121-0002/"
          },
          {
            "name": "[debian-lts-announce] 20220121 [SECURITY] [DLA 2891-1] golang-1.8 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html"
          },
          {
            "name": "[debian-lts-announce] 20220121 [SECURITY] [DLA 2892-1] golang-1.7 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html"
          },
          {
            "name": "GLSA-202208-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf"
          },
          {
            "name": "[debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-19T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220121-0002/"
        },
        {
          "name": "[debian-lts-announce] 20220121 [SECURITY] [DLA 2891-1] golang-1.8 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html"
        },
        {
          "name": "[debian-lts-announce] 20220121 [SECURITY] [DLA 2892-1] golang-1.7 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html"
        },
        {
          "name": "GLSA-202208-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202208-02"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf"
        },
        {
          "name": "[debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-44716",
    "datePublished": "2022-01-01T00:00:00.000Z",
    "dateReserved": "2021-12-07T00:00:00.000Z",
    "dateUpdated": "2024-08-04T04:32:12.278Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-44716",
      "date": "2026-06-15",
      "epss": "0.03958",
      "percentile": "0.89055"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.16.12\", \"matchCriteriaId\": \"4CF46C0F-E074-4676-A9B3-E6A22861879C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.17.0\", \"versionEndExcluding\": \"1.17.5\", \"matchCriteriaId\": \"406E61FE-D8E5-457E-93C5-8495F43DF42C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:cloud_insights_telegraf:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7E26C3B-E416-49D6-B296-33CD93694D39\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.\"}, {\"lang\": \"es\", \"value\": \"net/http en Go versiones anteriores a 1.16.12 y versiones 1.17.x anteriores a 1.17.5, permite un consumo no controlado de memoria en la cach\\u00e9 de canonizaci\\u00f3n del encabezado por medio de peticiones HTTP/2.\\n\"}]",
      "id": "CVE-2021-44716",
      "lastModified": "2024-11-21T06:31:26.960",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-01-01T05:15:08.307",
      "references": "[{\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/hcmEScgc00k\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.gentoo.org/glsa/202208-02\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220121-0002/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/hcmEScgc00k\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202208-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220121-0002/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-400\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-44716\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-01-01T05:15:08.307\",\"lastModified\":\"2024-11-21T06:31:26.960\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.\"},{\"lang\":\"es\",\"value\":\"net/http en Go versiones anteriores a 1.16.12 y versiones 1.17.x anteriores a 1.17.5, permite un consumo no controlado de memoria en la cach\u00e9 de canonizaci\u00f3n del encabezado por medio de peticiones HTTP/2.\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.16.12\",\"matchCriteriaId\":\"4CF46C0F-E074-4676-A9B3-E6A22861879C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.17.0\",\"versionEndExcluding\":\"1.17.5\",\"matchCriteriaId\":\"406E61FE-D8E5-457E-93C5-8495F43DF42C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_insights_telegraf:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7E26C3B-E416-49D6-B296-33CD93694D39\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://groups.google.com/g/golang-announce/c/hcmEScgc00k\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202208-02\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220121-0002/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://groups.google.com/g/golang-announce/c/hcmEScgc00k\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202208-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220121-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

RHSA-2023:0408

Vulnerability from csaf_redhat - Published: 2023-01-25 11:11 - Updated: 2026-06-16 02:39

Summary

Red Hat Security Advisory: OpenShift Virtualization 4.12.0 Images security update

Severity

Important

Notes

Topic: Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images: Security Fix(es): * golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716) * kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798) * golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561) * golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717) * golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705) * golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962) * golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772) * golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773) * golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806) * golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131) * golang: syscall: faccessat checks wrong group (CVE-2022-29526) * golang: io/fs: stack exhaustion in Glob (CVE-2022-30630) * golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631) * golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632) * golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633) * golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635) * golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148) * golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. RHEL-8-CNV-4.12 ============== bridge-marker-container-v4.12.0-24 cluster-network-addons-operator-container-v4.12.0-24 cnv-containernetworking-plugins-container-v4.12.0-24 cnv-must-gather-container-v4.12.0-58 hco-bundle-registry-container-v4.12.0-769 hostpath-csi-driver-container-v4.12.0-30 hostpath-provisioner-container-v4.12.0-30 hostpath-provisioner-operator-container-v4.12.0-31 hyperconverged-cluster-operator-container-v4.12.0-96 hyperconverged-cluster-webhook-container-v4.12.0-96 kubemacpool-container-v4.12.0-24 kubevirt-console-plugin-container-v4.12.0-182 kubevirt-ssp-operator-container-v4.12.0-64 kubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55 kubevirt-tekton-tasks-copy-template-container-v4.12.0-55 kubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55 kubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55 kubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55 kubevirt-tekton-tasks-operator-container-v4.12.0-40 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55 kubevirt-template-validator-container-v4.12.0-32 libguestfs-tools-container-v4.12.0-255 ovs-cni-marker-container-v4.12.0-24 ovs-cni-plugin-container-v4.12.0-24 virt-api-container-v4.12.0-255 virt-artifacts-server-container-v4.12.0-255 virt-cdi-apiserver-container-v4.12.0-72 virt-cdi-cloner-container-v4.12.0-72 virt-cdi-controller-container-v4.12.0-72 virt-cdi-importer-container-v4.12.0-72 virt-cdi-operator-container-v4.12.0-72 virt-cdi-uploadproxy-container-v4.12.0-71 virt-cdi-uploadserver-container-v4.12.0-72 virt-controller-container-v4.12.0-255 virt-exportproxy-container-v4.12.0-255 virt-exportserver-container-v4.12.0-255 virt-handler-container-v4.12.0-255 virt-launcher-container-v4.12.0-255 virt-operator-container-v4.12.0-255 virtio-win-container-v4.12.0-10 vm-network-latency-checkup-container-v4.12.0-89

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2021-38561

A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Fixed 8 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64	—	Vendor Fix fix

Known not affected 35 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64		—

Threats

Impact Moderate

CVE-2021-44716

There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64	—	Vendor Fix fix Workaround

Known not affected 37 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64	—	Workaround

Threats

Impact Moderate

CVE-2021-44717

There's a flaw in golang's syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64	—	Vendor Fix fix Workaround

Known not affected 37 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64	—	Workaround

Threats

Impact Moderate

CVE-2022-1705

A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64		—	Vendor Fix fix

Known not affected 42 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64		—

Threats

Impact Moderate

CVE-2022-1798

An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.

7.7 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64	—	Vendor Fix fix

Known not affected 37 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64		—

Threats

Impact Important

CVE-2022-1962

A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64		—	Vendor Fix fix

Known not affected 42 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64		—

Threats

Impact Moderate

CVE-2022-23772

A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64	—	Vendor Fix fix

Known not affected 38 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64		—

Threats

Impact Moderate

CVE-2022-23773

A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-266 - Incorrect Privilege Assignment

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64	—	Vendor Fix fix

Known not affected 38 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64		—

Threats

Impact Moderate

CVE-2022-23806

A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CWE-252 - Unchecked Return Value

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64	—	Vendor Fix fix

Known not affected 37 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64		—

Threats

Impact Moderate

CVE-2022-28131

A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.

7.3 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64		—	Vendor Fix fix

Known not affected 42 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64		—

Threats

Impact Moderate

CVE-2022-29526

A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file's group, affecting system availability.

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-358 - Improperly Implemented Security Check for Standard

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64		—	Vendor Fix fix

Known not affected 42 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64		—

Threats

Impact Moderate

CVE-2022-30629

A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE-331 - Insufficient Entropy

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64	—	Vendor Fix fix

Known not affected 37 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64		—

Threats

Impact Low

CVE-2022-30630

A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64		—	Vendor Fix fix

Known not affected 42 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64		—

Threats

Impact Moderate

CVE-2022-30631

A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64		—	Vendor Fix fix

Known not affected 42 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64		—

Threats

Impact Moderate

CVE-2022-30632

A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64		—	Vendor Fix fix

Known not affected 42 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64		—

Threats

Impact Moderate

CVE-2022-30633

A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64		—	Vendor Fix fix

Known not affected 42 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64		—

Threats

Impact Moderate

CVE-2022-30635

A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64		—	Vendor Fix fix

Known not affected 42 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64		—

Threats

Impact Moderate

CVE-2022-32148

A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64		—	Vendor Fix fix

Known not affected 42 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64		—

Threats

Impact Moderate

References

339 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:0408	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1719190	external
https://bugzilla.redhat.com/show_bug.cgi?id=2023393	external
https://bugzilla.redhat.com/show_bug.cgi?id=2030801	external
https://bugzilla.redhat.com/show_bug.cgi?id=2030806	external
https://bugzilla.redhat.com/show_bug.cgi?id=2040377	external
https://bugzilla.redhat.com/show_bug.cgi?id=2046298	external
https://bugzilla.redhat.com/show_bug.cgi?id=2052556	external
https://bugzilla.redhat.com/show_bug.cgi?id=2053429	external
https://bugzilla.redhat.com/show_bug.cgi?id=2053532	external
https://bugzilla.redhat.com/show_bug.cgi?id=2053541	external
https://bugzilla.redhat.com/show_bug.cgi?id=2060499	external
https://bugzilla.redhat.com/show_bug.cgi?id=2069098	external
https://bugzilla.redhat.com/show_bug.cgi?id=2070366	external
https://bugzilla.redhat.com/show_bug.cgi?id=2071491	external
https://bugzilla.redhat.com/show_bug.cgi?id=2072797	external
https://bugzilla.redhat.com/show_bug.cgi?id=2072821	external
https://bugzilla.redhat.com/show_bug.cgi?id=2079916	external
https://bugzilla.redhat.com/show_bug.cgi?id=2084085	external
https://bugzilla.redhat.com/show_bug.cgi?id=2086285	external
https://bugzilla.redhat.com/show_bug.cgi?id=2086551	external
https://bugzilla.redhat.com/show_bug.cgi?id=2087724	external
https://bugzilla.redhat.com/show_bug.cgi?id=2088129	external
https://bugzilla.redhat.com/show_bug.cgi?id=2088464	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089391	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089744	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089751	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089804	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091856	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092793	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092796	external
https://bugzilla.redhat.com/show_bug.cgi?id=2093771	external
https://bugzilla.redhat.com/show_bug.cgi?id=2093996	external
https://bugzilla.redhat.com/show_bug.cgi?id=2094202	external
https://bugzilla.redhat.com/show_bug.cgi?id=2096285	external
https://bugzilla.redhat.com/show_bug.cgi?id=2096780	external
https://bugzilla.redhat.com/show_bug.cgi?id=2097436	external
https://bugzilla.redhat.com/show_bug.cgi?id=2097586	external
https://bugzilla.redhat.com/show_bug.cgi?id=2099556	external
https://bugzilla.redhat.com/show_bug.cgi?id=2099573	external
https://bugzilla.redhat.com/show_bug.cgi?id=2099923	external
https://bugzilla.redhat.com/show_bug.cgi?id=2100290	external
https://bugzilla.redhat.com/show_bug.cgi?id=2100436	external
https://bugzilla.redhat.com/show_bug.cgi?id=2100442	external
https://bugzilla.redhat.com/show_bug.cgi?id=2100495	external
https://bugzilla.redhat.com/show_bug.cgi?id=2100629	external
https://bugzilla.redhat.com/show_bug.cgi?id=2100679	external
https://bugzilla.redhat.com/show_bug.cgi?id=2100682	external
https://bugzilla.redhat.com/show_bug.cgi?id=2100684	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101144	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101164	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101167	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101333	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101335	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101390	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101394	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101423	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101430	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101445	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101454	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101499	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101501	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101628	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101667	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101681	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102074	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102125	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102132	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102138	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102256	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102448	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102475	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102561	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102737	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102740	external
https://bugzilla.redhat.com/show_bug.cgi?id=2103806	external
https://bugzilla.redhat.com/show_bug.cgi?id=2103807	external
https://bugzilla.redhat.com/show_bug.cgi?id=2103817	external
https://bugzilla.redhat.com/show_bug.cgi?id=2103844	external
https://bugzilla.redhat.com/show_bug.cgi?id=2104331	external
https://bugzilla.redhat.com/show_bug.cgi?id=2104402	external
https://bugzilla.redhat.com/show_bug.cgi?id=2104422	external
https://bugzilla.redhat.com/show_bug.cgi?id=2104424	external
https://bugzilla.redhat.com/show_bug.cgi?id=2104479	external
https://bugzilla.redhat.com/show_bug.cgi?id=2104480	external
https://bugzilla.redhat.com/show_bug.cgi?id=2104785	external
https://bugzilla.redhat.com/show_bug.cgi?id=2104859	external
https://bugzilla.redhat.com/show_bug.cgi?id=2105257	external
https://bugzilla.redhat.com/show_bug.cgi?id=2106175	external
https://bugzilla.redhat.com/show_bug.cgi?id=2106963	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107279	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107342	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107371	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107374	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107376	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107383	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107386	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107388	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107390	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107392	external
https://bugzilla.redhat.com/show_bug.cgi?id=2108339	external
https://bugzilla.redhat.com/show_bug.cgi?id=2108638	external
https://bugzilla.redhat.com/show_bug.cgi?id=2109818	external
https://bugzilla.redhat.com/show_bug.cgi?id=2109975	external
https://bugzilla.redhat.com/show_bug.cgi?id=2110256	external
https://bugzilla.redhat.com/show_bug.cgi?id=2110562	external
https://bugzilla.redhat.com/show_bug.cgi?id=2111240	external
https://bugzilla.redhat.com/show_bug.cgi?id=2111292	external
https://bugzilla.redhat.com/show_bug.cgi?id=2111328	external
https://bugzilla.redhat.com/show_bug.cgi?id=2111378	external
https://bugzilla.redhat.com/show_bug.cgi?id=2111744	external
https://bugzilla.redhat.com/show_bug.cgi?id=2111794	external
https://bugzilla.redhat.com/show_bug.cgi?id=2112900	external
https://bugzilla.redhat.com/show_bug.cgi?id=2114516	external
https://bugzilla.redhat.com/show_bug.cgi?id=2114636	external
https://bugzilla.redhat.com/show_bug.cgi?id=2114683	external
https://bugzilla.redhat.com/show_bug.cgi?id=2115257	external
https://bugzilla.redhat.com/show_bug.cgi?id=2115258	external
https://bugzilla.redhat.com/show_bug.cgi?id=2115280	external
https://bugzilla.redhat.com/show_bug.cgi?id=2115769	external
https://bugzilla.redhat.com/show_bug.cgi?id=2116225	external
https://bugzilla.redhat.com/show_bug.cgi?id=2116644	external
https://bugzilla.redhat.com/show_bug.cgi?id=2117549	external
https://bugzilla.redhat.com/show_bug.cgi?id=2117803	external
https://bugzilla.redhat.com/show_bug.cgi?id=2117813	external
https://bugzilla.redhat.com/show_bug.cgi?id=2117872	external
https://bugzilla.redhat.com/show_bug.cgi?id=2118257	external
https://bugzilla.redhat.com/show_bug.cgi?id=2118823	external
https://bugzilla.redhat.com/show_bug.cgi?id=2119069	external
https://bugzilla.redhat.com/show_bug.cgi?id=2119128	external
https://bugzilla.redhat.com/show_bug.cgi?id=2119309	external
https://bugzilla.redhat.com/show_bug.cgi?id=2119615	external
https://bugzilla.redhat.com/show_bug.cgi?id=2120907	external
https://bugzilla.redhat.com/show_bug.cgi?id=2121320	external
https://bugzilla.redhat.com/show_bug.cgi?id=2122236	external
https://bugzilla.redhat.com/show_bug.cgi?id=2122990	external
https://bugzilla.redhat.com/show_bug.cgi?id=2124147	external
https://bugzilla.redhat.com/show_bug.cgi?id=2124307	external
https://bugzilla.redhat.com/show_bug.cgi?id=2124528	external
https://bugzilla.redhat.com/show_bug.cgi?id=2124555	external
https://bugzilla.redhat.com/show_bug.cgi?id=2124557	external
https://bugzilla.redhat.com/show_bug.cgi?id=2124558	external
https://bugzilla.redhat.com/show_bug.cgi?id=2124565	external
https://bugzilla.redhat.com/show_bug.cgi?id=2124572	external
https://bugzilla.redhat.com/show_bug.cgi?id=2124582	external
https://bugzilla.redhat.com/show_bug.cgi?id=2124594	external
https://bugzilla.redhat.com/show_bug.cgi?id=2124597	external
https://bugzilla.redhat.com/show_bug.cgi?id=2126104	external
https://bugzilla.redhat.com/show_bug.cgi?id=2126397	external
https://bugzilla.redhat.com/show_bug.cgi?id=2127787	external
https://bugzilla.redhat.com/show_bug.cgi?id=2127843	external
https://bugzilla.redhat.com/show_bug.cgi?id=2127931	external
https://bugzilla.redhat.com/show_bug.cgi?id=2127947	external
https://bugzilla.redhat.com/show_bug.cgi?id=2128002	external
https://bugzilla.redhat.com/show_bug.cgi?id=2128107	external
https://bugzilla.redhat.com/show_bug.cgi?id=2128872	external
https://bugzilla.redhat.com/show_bug.cgi?id=2128948	external
https://bugzilla.redhat.com/show_bug.cgi?id=2128949	external
https://bugzilla.redhat.com/show_bug.cgi?id=2128997	external
https://bugzilla.redhat.com/show_bug.cgi?id=2129013	external
https://bugzilla.redhat.com/show_bug.cgi?id=2129234	external
https://bugzilla.redhat.com/show_bug.cgi?id=2129301	external
https://bugzilla.redhat.com/show_bug.cgi?id=2129870	external
https://bugzilla.redhat.com/show_bug.cgi?id=2130509	external
https://bugzilla.redhat.com/show_bug.cgi?id=2130588	external
https://bugzilla.redhat.com/show_bug.cgi?id=2130695	external
https://bugzilla.redhat.com/show_bug.cgi?id=2130909	external
https://bugzilla.redhat.com/show_bug.cgi?id=2131157	external
https://bugzilla.redhat.com/show_bug.cgi?id=2131165	external
https://bugzilla.redhat.com/show_bug.cgi?id=2131674	external
https://bugzilla.redhat.com/show_bug.cgi?id=2132031	external
https://bugzilla.redhat.com/show_bug.cgi?id=2132682	external
https://bugzilla.redhat.com/show_bug.cgi?id=2132721	external
https://bugzilla.redhat.com/show_bug.cgi?id=2132744	external
https://bugzilla.redhat.com/show_bug.cgi?id=2132746	external
https://bugzilla.redhat.com/show_bug.cgi?id=2132783	external
https://bugzilla.redhat.com/show_bug.cgi?id=2132793	external
https://bugzilla.redhat.com/show_bug.cgi?id=2132932	external
https://bugzilla.redhat.com/show_bug.cgi?id=2133540	external
https://bugzilla.redhat.com/show_bug.cgi?id=2133541	external
https://bugzilla.redhat.com/show_bug.cgi?id=2133542	external
https://bugzilla.redhat.com/show_bug.cgi?id=2133543	external
https://bugzilla.redhat.com/show_bug.cgi?id=2133655	external
https://bugzilla.redhat.com/show_bug.cgi?id=2133656	external
https://bugzilla.redhat.com/show_bug.cgi?id=2133659	external
https://bugzilla.redhat.com/show_bug.cgi?id=2133660	external
https://bugzilla.redhat.com/show_bug.cgi?id=2134123	external
https://bugzilla.redhat.com/show_bug.cgi?id=2134672	external
https://bugzilla.redhat.com/show_bug.cgi?id=2134825	external
https://bugzilla.redhat.com/show_bug.cgi?id=2135805	external
https://bugzilla.redhat.com/show_bug.cgi?id=2136051	external
https://bugzilla.redhat.com/show_bug.cgi?id=2136425	external
https://bugzilla.redhat.com/show_bug.cgi?id=2136534	external
https://bugzilla.redhat.com/show_bug.cgi?id=2137123	external
https://bugzilla.redhat.com/show_bug.cgi?id=2137241	external
https://bugzilla.redhat.com/show_bug.cgi?id=2137243	external
https://bugzilla.redhat.com/show_bug.cgi?id=2137349	external
https://bugzilla.redhat.com/show_bug.cgi?id=2137591	external
https://bugzilla.redhat.com/show_bug.cgi?id=2137731	external
https://bugzilla.redhat.com/show_bug.cgi?id=2137733	external
https://bugzilla.redhat.com/show_bug.cgi?id=2137736	external
https://bugzilla.redhat.com/show_bug.cgi?id=2137896	external
https://bugzilla.redhat.com/show_bug.cgi?id=2138112	external
https://bugzilla.redhat.com/show_bug.cgi?id=2138119	external
https://bugzilla.redhat.com/show_bug.cgi?id=2138199	external
https://bugzilla.redhat.com/show_bug.cgi?id=2138653	external
https://bugzilla.redhat.com/show_bug.cgi?id=2138657	external
https://bugzilla.redhat.com/show_bug.cgi?id=2138664	external
https://bugzilla.redhat.com/show_bug.cgi?id=2139257	external
https://bugzilla.redhat.com/show_bug.cgi?id=2139260	external
https://bugzilla.redhat.com/show_bug.cgi?id=2139293	external
https://bugzilla.redhat.com/show_bug.cgi?id=2139296	external
https://bugzilla.redhat.com/show_bug.cgi?id=2139299	external
https://bugzilla.redhat.com/show_bug.cgi?id=2139306	external
https://bugzilla.redhat.com/show_bug.cgi?id=2139479	external
https://bugzilla.redhat.com/show_bug.cgi?id=2139574	external
https://bugzilla.redhat.com/show_bug.cgi?id=2139651	external
https://bugzilla.redhat.com/show_bug.cgi?id=2139687	external
https://bugzilla.redhat.com/show_bug.cgi?id=2139738	external
https://bugzilla.redhat.com/show_bug.cgi?id=2139820	external
https://bugzilla.redhat.com/show_bug.cgi?id=2140117	external
https://bugzilla.redhat.com/show_bug.cgi?id=2140521	external
https://bugzilla.redhat.com/show_bug.cgi?id=2140534	external
https://bugzilla.redhat.com/show_bug.cgi?id=2140627	external
https://bugzilla.redhat.com/show_bug.cgi?id=2140730	external
https://bugzilla.redhat.com/show_bug.cgi?id=2140808	external
https://bugzilla.redhat.com/show_bug.cgi?id=2140977	external
https://bugzilla.redhat.com/show_bug.cgi?id=2140982	external
https://bugzilla.redhat.com/show_bug.cgi?id=2140998	external
https://bugzilla.redhat.com/show_bug.cgi?id=2141089	external
https://bugzilla.redhat.com/show_bug.cgi?id=2141302	external
https://bugzilla.redhat.com/show_bug.cgi?id=2141399	external
https://bugzilla.redhat.com/show_bug.cgi?id=2141494	external
https://bugzilla.redhat.com/show_bug.cgi?id=2141654	external
https://bugzilla.redhat.com/show_bug.cgi?id=2141711	external
https://bugzilla.redhat.com/show_bug.cgi?id=2142468	external
https://bugzilla.redhat.com/show_bug.cgi?id=2142470	external
https://bugzilla.redhat.com/show_bug.cgi?id=2142511	external
https://bugzilla.redhat.com/show_bug.cgi?id=2142647	external
https://bugzilla.redhat.com/show_bug.cgi?id=2142891	external
https://bugzilla.redhat.com/show_bug.cgi?id=2142929	external
https://bugzilla.redhat.com/show_bug.cgi?id=2143268	external
https://bugzilla.redhat.com/show_bug.cgi?id=2143498	external
https://bugzilla.redhat.com/show_bug.cgi?id=2143964	external
https://bugzilla.redhat.com/show_bug.cgi?id=2144580	external
https://bugzilla.redhat.com/show_bug.cgi?id=2144828	external
https://bugzilla.redhat.com/show_bug.cgi?id=2144839	external
https://bugzilla.redhat.com/show_bug.cgi?id=2153849	external
https://bugzilla.redhat.com/show_bug.cgi?id=2155757	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2021-38561	self
https://bugzilla.redhat.com/show_bug.cgi?id=2100495	external
https://www.cve.org/CVERecord?id=CVE-2021-38561	external
https://nvd.nist.gov/vuln/detail/CVE-2021-38561	external
https://pkg.go.dev/vuln/GO-2021-0113	external
https://access.redhat.com/security/cve/CVE-2021-44716	self
https://bugzilla.redhat.com/show_bug.cgi?id=2030801	external
https://www.cve.org/CVERecord?id=CVE-2021-44716	external
https://nvd.nist.gov/vuln/detail/CVE-2021-44716	external
https://groups.google.com/g/golang-announce/c/hcm…	external
https://access.redhat.com/security/cve/CVE-2021-44717	self
https://bugzilla.redhat.com/show_bug.cgi?id=2030806	external
https://www.cve.org/CVERecord?id=CVE-2021-44717	external
https://nvd.nist.gov/vuln/detail/CVE-2021-44717	external
https://access.redhat.com/security/cve/CVE-2022-1705	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107374	external
https://www.cve.org/CVERecord?id=CVE-2022-1705	external
https://nvd.nist.gov/vuln/detail/CVE-2022-1705	external
https://go.dev/issue/53188	external
https://groups.google.com/g/golang-announce/c/nqr…	external
https://access.redhat.com/security/cve/CVE-2022-1798	self
https://bugzilla.redhat.com/show_bug.cgi?id=2117872	external
https://www.cve.org/CVERecord?id=CVE-2022-1798	external
https://nvd.nist.gov/vuln/detail/CVE-2022-1798	external
https://github.com/google/security-research/secur…	external
https://access.redhat.com/security/cve/CVE-2022-1962	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107376	external
https://www.cve.org/CVERecord?id=CVE-2022-1962	external
https://nvd.nist.gov/vuln/detail/CVE-2022-1962	external
https://go.dev/issue/53616	external
https://access.redhat.com/security/cve/CVE-2022-23772	self
https://bugzilla.redhat.com/show_bug.cgi?id=2053532	external
https://www.cve.org/CVERecord?id=CVE-2022-23772	external
https://nvd.nist.gov/vuln/detail/CVE-2022-23772	external
https://groups.google.com/g/golang-announce/c/SUs…	external
https://access.redhat.com/security/cve/CVE-2022-23773	self
https://bugzilla.redhat.com/show_bug.cgi?id=2053541	external
https://www.cve.org/CVERecord?id=CVE-2022-23773	external
https://nvd.nist.gov/vuln/detail/CVE-2022-23773	external
https://access.redhat.com/security/cve/CVE-2022-23806	self
https://bugzilla.redhat.com/show_bug.cgi?id=2053429	external
https://www.cve.org/CVERecord?id=CVE-2022-23806	external
https://nvd.nist.gov/vuln/detail/CVE-2022-23806	external
https://access.redhat.com/security/cve/CVE-2022-28131	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107390	external
https://www.cve.org/CVERecord?id=CVE-2022-28131	external
https://nvd.nist.gov/vuln/detail/CVE-2022-28131	external
https://go.dev/issue/53614	external
https://access.redhat.com/security/cve/CVE-2022-29526	self
https://bugzilla.redhat.com/show_bug.cgi?id=2084085	external
https://www.cve.org/CVERecord?id=CVE-2022-29526	external
https://nvd.nist.gov/vuln/detail/CVE-2022-29526	external
https://groups.google.com/g/golang-announce/c/Y5q…	external
https://access.redhat.com/security/cve/CVE-2022-30629	self
https://bugzilla.redhat.com/show_bug.cgi?id=2092793	external
https://www.cve.org/CVERecord?id=CVE-2022-30629	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30629	external
https://groups.google.com/g/golang-announce/c/TzI…	external
https://access.redhat.com/security/cve/CVE-2022-30630	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107371	external
https://www.cve.org/CVERecord?id=CVE-2022-30630	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30630	external
https://go.dev/issue/53415	external
https://access.redhat.com/security/cve/CVE-2022-30631	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107342	external
https://www.cve.org/CVERecord?id=CVE-2022-30631	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30631	external
https://go.dev/issue/53168	external
https://access.redhat.com/security/cve/CVE-2022-30632	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107386	external
https://www.cve.org/CVERecord?id=CVE-2022-30632	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30632	external
https://go.dev/issue/53416	external
https://access.redhat.com/security/cve/CVE-2022-30633	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107392	external
https://www.cve.org/CVERecord?id=CVE-2022-30633	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30633	external
https://go.dev/issue/53611	external
https://access.redhat.com/security/cve/CVE-2022-30635	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107388	external
https://www.cve.org/CVERecord?id=CVE-2022-30635	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30635	external
https://go.dev/issue/53615	external
https://access.redhat.com/security/cve/CVE-2022-32148	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107383	external
https://www.cve.org/CVERecord?id=CVE-2022-32148	external
https://nvd.nist.gov/vuln/detail/CVE-2022-32148	external
https://go.dev/issue/53423	external

Acknowledgments

NCC Group Oliver Brooks and James Klopchic

Joël Gähwiler

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images:\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nRHEL-8-CNV-4.12\n\n==============\n\nbridge-marker-container-v4.12.0-24\ncluster-network-addons-operator-container-v4.12.0-24\ncnv-containernetworking-plugins-container-v4.12.0-24\ncnv-must-gather-container-v4.12.0-58\nhco-bundle-registry-container-v4.12.0-769\nhostpath-csi-driver-container-v4.12.0-30\nhostpath-provisioner-container-v4.12.0-30\nhostpath-provisioner-operator-container-v4.12.0-31\nhyperconverged-cluster-operator-container-v4.12.0-96\nhyperconverged-cluster-webhook-container-v4.12.0-96\nkubemacpool-container-v4.12.0-24\nkubevirt-console-plugin-container-v4.12.0-182\nkubevirt-ssp-operator-container-v4.12.0-64\nkubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55\nkubevirt-tekton-tasks-copy-template-container-v4.12.0-55\nkubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55\nkubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55\nkubevirt-tekton-tasks-operator-container-v4.12.0-40\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55\nkubevirt-template-validator-container-v4.12.0-32\nlibguestfs-tools-container-v4.12.0-255\novs-cni-marker-container-v4.12.0-24\novs-cni-plugin-container-v4.12.0-24\nvirt-api-container-v4.12.0-255\nvirt-artifacts-server-container-v4.12.0-255\nvirt-cdi-apiserver-container-v4.12.0-72\nvirt-cdi-cloner-container-v4.12.0-72\nvirt-cdi-controller-container-v4.12.0-72\nvirt-cdi-importer-container-v4.12.0-72\nvirt-cdi-operator-container-v4.12.0-72\nvirt-cdi-uploadproxy-container-v4.12.0-71\nvirt-cdi-uploadserver-container-v4.12.0-72\nvirt-controller-container-v4.12.0-255\nvirt-exportproxy-container-v4.12.0-255\nvirt-exportserver-container-v4.12.0-255\nvirt-handler-container-v4.12.0-255\nvirt-launcher-container-v4.12.0-255\nvirt-operator-container-v4.12.0-255\nvirtio-win-container-v4.12.0-10\nvm-network-latency-checkup-container-v4.12.0-89",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:0408",
        "url": "https://access.redhat.com/errata/RHSA-2023:0408"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1719190",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1719190"
      },
      {
        "category": "external",
        "summary": "2023393",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023393"
      },
      {
        "category": "external",
        "summary": "2030801",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
      },
      {
        "category": "external",
        "summary": "2030806",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
      },
      {
        "category": "external",
        "summary": "2040377",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040377"
      },
      {
        "category": "external",
        "summary": "2046298",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2046298"
      },
      {
        "category": "external",
        "summary": "2052556",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052556"
      },
      {
        "category": "external",
        "summary": "2053429",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
      },
      {
        "category": "external",
        "summary": "2053532",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
      },
      {
        "category": "external",
        "summary": "2053541",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
      },
      {
        "category": "external",
        "summary": "2060499",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060499"
      },
      {
        "category": "external",
        "summary": "2069098",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069098"
      },
      {
        "category": "external",
        "summary": "2070366",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070366"
      },
      {
        "category": "external",
        "summary": "2071491",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071491"
      },
      {
        "category": "external",
        "summary": "2072797",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072797"
      },
      {
        "category": "external",
        "summary": "2072821",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072821"
      },
      {
        "category": "external",
        "summary": "2079916",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079916"
      },
      {
        "category": "external",
        "summary": "2084085",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
      },
      {
        "category": "external",
        "summary": "2086285",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086285"
      },
      {
        "category": "external",
        "summary": "2086551",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086551"
      },
      {
        "category": "external",
        "summary": "2087724",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087724"
      },
      {
        "category": "external",
        "summary": "2088129",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088129"
      },
      {
        "category": "external",
        "summary": "2088464",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088464"
      },
      {
        "category": "external",
        "summary": "2089391",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089391"
      },
      {
        "category": "external",
        "summary": "2089744",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089744"
      },
      {
        "category": "external",
        "summary": "2089751",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089751"
      },
      {
        "category": "external",
        "summary": "2089804",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089804"
      },
      {
        "category": "external",
        "summary": "2091856",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091856"
      },
      {
        "category": "external",
        "summary": "2092793",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
      },
      {
        "category": "external",
        "summary": "2092796",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092796"
      },
      {
        "category": "external",
        "summary": "2093771",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093771"
      },
      {
        "category": "external",
        "summary": "2093996",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093996"
      },
      {
        "category": "external",
        "summary": "2094202",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094202"
      },
      {
        "category": "external",
        "summary": "2096285",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096285"
      },
      {
        "category": "external",
        "summary": "2096780",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096780"
      },
      {
        "category": "external",
        "summary": "2097436",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097436"
      },
      {
        "category": "external",
        "summary": "2097586",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097586"
      },
      {
        "category": "external",
        "summary": "2099556",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099556"
      },
      {
        "category": "external",
        "summary": "2099573",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099573"
      },
      {
        "category": "external",
        "summary": "2099923",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099923"
      },
      {
        "category": "external",
        "summary": "2100290",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100290"
      },
      {
        "category": "external",
        "summary": "2100436",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100436"
      },
      {
        "category": "external",
        "summary": "2100442",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100442"
      },
      {
        "category": "external",
        "summary": "2100495",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495"
      },
      {
        "category": "external",
        "summary": "2100629",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100629"
      },
      {
        "category": "external",
        "summary": "2100679",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100679"
      },
      {
        "category": "external",
        "summary": "2100682",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100682"
      },
      {
        "category": "external",
        "summary": "2100684",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100684"
      },
      {
        "category": "external",
        "summary": "2101144",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101144"
      },
      {
        "category": "external",
        "summary": "2101164",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101164"
      },
      {
        "category": "external",
        "summary": "2101167",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101167"
      },
      {
        "category": "external",
        "summary": "2101333",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101333"
      },
      {
        "category": "external",
        "summary": "2101335",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101335"
      },
      {
        "category": "external",
        "summary": "2101390",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101390"
      },
      {
        "category": "external",
        "summary": "2101394",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101394"
      },
      {
        "category": "external",
        "summary": "2101423",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101423"
      },
      {
        "category": "external",
        "summary": "2101430",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101430"
      },
      {
        "category": "external",
        "summary": "2101445",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101445"
      },
      {
        "category": "external",
        "summary": "2101454",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101454"
      },
      {
        "category": "external",
        "summary": "2101499",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101499"
      },
      {
        "category": "external",
        "summary": "2101501",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101501"
      },
      {
        "category": "external",
        "summary": "2101628",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101628"
      },
      {
        "category": "external",
        "summary": "2101667",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101667"
      },
      {
        "category": "external",
        "summary": "2101681",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101681"
      },
      {
        "category": "external",
        "summary": "2102074",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102074"
      },
      {
        "category": "external",
        "summary": "2102125",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102125"
      },
      {
        "category": "external",
        "summary": "2102132",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102132"
      },
      {
        "category": "external",
        "summary": "2102138",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102138"
      },
      {
        "category": "external",
        "summary": "2102256",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102256"
      },
      {
        "category": "external",
        "summary": "2102448",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102448"
      },
      {
        "category": "external",
        "summary": "2102475",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102475"
      },
      {
        "category": "external",
        "summary": "2102561",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102561"
      },
      {
        "category": "external",
        "summary": "2102737",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102737"
      },
      {
        "category": "external",
        "summary": "2102740",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102740"
      },
      {
        "category": "external",
        "summary": "2103806",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103806"
      },
      {
        "category": "external",
        "summary": "2103807",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103807"
      },
      {
        "category": "external",
        "summary": "2103817",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103817"
      },
      {
        "category": "external",
        "summary": "2103844",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103844"
      },
      {
        "category": "external",
        "summary": "2104331",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104331"
      },
      {
        "category": "external",
        "summary": "2104402",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104402"
      },
      {
        "category": "external",
        "summary": "2104422",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104422"
      },
      {
        "category": "external",
        "summary": "2104424",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104424"
      },
      {
        "category": "external",
        "summary": "2104479",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104479"
      },
      {
        "category": "external",
        "summary": "2104480",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104480"
      },
      {
        "category": "external",
        "summary": "2104785",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104785"
      },
      {
        "category": "external",
        "summary": "2104859",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104859"
      },
      {
        "category": "external",
        "summary": "2105257",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105257"
      },
      {
        "category": "external",
        "summary": "2106175",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2106175"
      },
      {
        "category": "external",
        "summary": "2106963",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2106963"
      },
      {
        "category": "external",
        "summary": "2107279",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107279"
      },
      {
        "category": "external",
        "summary": "2107342",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
      },
      {
        "category": "external",
        "summary": "2107371",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
      },
      {
        "category": "external",
        "summary": "2107374",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
      },
      {
        "category": "external",
        "summary": "2107376",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
      },
      {
        "category": "external",
        "summary": "2107383",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
      },
      {
        "category": "external",
        "summary": "2107386",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
      },
      {
        "category": "external",
        "summary": "2107388",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
      },
      {
        "category": "external",
        "summary": "2107390",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
      },
      {
        "category": "external",
        "summary": "2107392",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
      },
      {
        "category": "external",
        "summary": "2108339",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108339"
      },
      {
        "category": "external",
        "summary": "2108638",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108638"
      },
      {
        "category": "external",
        "summary": "2109818",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2109818"
      },
      {
        "category": "external",
        "summary": "2109975",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2109975"
      },
      {
        "category": "external",
        "summary": "2110256",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110256"
      },
      {
        "category": "external",
        "summary": "2110562",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110562"
      },
      {
        "category": "external",
        "summary": "2111240",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111240"
      },
      {
        "category": "external",
        "summary": "2111292",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111292"
      },
      {
        "category": "external",
        "summary": "2111328",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111328"
      },
      {
        "category": "external",
        "summary": "2111378",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111378"
      },
      {
        "category": "external",
        "summary": "2111744",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111744"
      },
      {
        "category": "external",
        "summary": "2111794",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111794"
      },
      {
        "category": "external",
        "summary": "2112900",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112900"
      },
      {
        "category": "external",
        "summary": "2114516",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2114516"
      },
      {
        "category": "external",
        "summary": "2114636",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2114636"
      },
      {
        "category": "external",
        "summary": "2114683",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2114683"
      },
      {
        "category": "external",
        "summary": "2115257",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115257"
      },
      {
        "category": "external",
        "summary": "2115258",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115258"
      },
      {
        "category": "external",
        "summary": "2115280",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115280"
      },
      {
        "category": "external",
        "summary": "2115769",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115769"
      },
      {
        "category": "external",
        "summary": "2116225",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116225"
      },
      {
        "category": "external",
        "summary": "2116644",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116644"
      },
      {
        "category": "external",
        "summary": "2117549",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117549"
      },
      {
        "category": "external",
        "summary": "2117803",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117803"
      },
      {
        "category": "external",
        "summary": "2117813",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117813"
      },
      {
        "category": "external",
        "summary": "2117872",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872"
      },
      {
        "category": "external",
        "summary": "2118257",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118257"
      },
      {
        "category": "external",
        "summary": "2118823",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118823"
      },
      {
        "category": "external",
        "summary": "2119069",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119069"
      },
      {
        "category": "external",
        "summary": "2119128",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119128"
      },
      {
        "category": "external",
        "summary": "2119309",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119309"
      },
      {
        "category": "external",
        "summary": "2119615",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119615"
      },
      {
        "category": "external",
        "summary": "2120907",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120907"
      },
      {
        "category": "external",
        "summary": "2121320",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2121320"
      },
      {
        "category": "external",
        "summary": "2122236",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122236"
      },
      {
        "category": "external",
        "summary": "2122990",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122990"
      },
      {
        "category": "external",
        "summary": "2124147",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124147"
      },
      {
        "category": "external",
        "summary": "2124307",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124307"
      },
      {
        "category": "external",
        "summary": "2124528",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124528"
      },
      {
        "category": "external",
        "summary": "2124555",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124555"
      },
      {
        "category": "external",
        "summary": "2124557",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124557"
      },
      {
        "category": "external",
        "summary": "2124558",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124558"
      },
      {
        "category": "external",
        "summary": "2124565",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124565"
      },
      {
        "category": "external",
        "summary": "2124572",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124572"
      },
      {
        "category": "external",
        "summary": "2124582",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124582"
      },
      {
        "category": "external",
        "summary": "2124594",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124594"
      },
      {
        "category": "external",
        "summary": "2124597",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124597"
      },
      {
        "category": "external",
        "summary": "2126104",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126104"
      },
      {
        "category": "external",
        "summary": "2126397",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126397"
      },
      {
        "category": "external",
        "summary": "2127787",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127787"
      },
      {
        "category": "external",
        "summary": "2127843",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127843"
      },
      {
        "category": "external",
        "summary": "2127931",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127931"
      },
      {
        "category": "external",
        "summary": "2127947",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127947"
      },
      {
        "category": "external",
        "summary": "2128002",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128002"
      },
      {
        "category": "external",
        "summary": "2128107",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128107"
      },
      {
        "category": "external",
        "summary": "2128872",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128872"
      },
      {
        "category": "external",
        "summary": "2128948",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128948"
      },
      {
        "category": "external",
        "summary": "2128949",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128949"
      },
      {
        "category": "external",
        "summary": "2128997",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128997"
      },
      {
        "category": "external",
        "summary": "2129013",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129013"
      },
      {
        "category": "external",
        "summary": "2129234",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129234"
      },
      {
        "category": "external",
        "summary": "2129301",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129301"
      },
      {
        "category": "external",
        "summary": "2129870",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129870"
      },
      {
        "category": "external",
        "summary": "2130509",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130509"
      },
      {
        "category": "external",
        "summary": "2130588",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130588"
      },
      {
        "category": "external",
        "summary": "2130695",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130695"
      },
      {
        "category": "external",
        "summary": "2130909",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130909"
      },
      {
        "category": "external",
        "summary": "2131157",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131157"
      },
      {
        "category": "external",
        "summary": "2131165",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131165"
      },
      {
        "category": "external",
        "summary": "2131674",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131674"
      },
      {
        "category": "external",
        "summary": "2132031",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132031"
      },
      {
        "category": "external",
        "summary": "2132682",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132682"
      },
      {
        "category": "external",
        "summary": "2132721",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132721"
      },
      {
        "category": "external",
        "summary": "2132744",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132744"
      },
      {
        "category": "external",
        "summary": "2132746",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132746"
      },
      {
        "category": "external",
        "summary": "2132783",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132783"
      },
      {
        "category": "external",
        "summary": "2132793",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132793"
      },
      {
        "category": "external",
        "summary": "2132932",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132932"
      },
      {
        "category": "external",
        "summary": "2133540",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133540"
      },
      {
        "category": "external",
        "summary": "2133541",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133541"
      },
      {
        "category": "external",
        "summary": "2133542",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133542"
      },
      {
        "category": "external",
        "summary": "2133543",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133543"
      },
      {
        "category": "external",
        "summary": "2133655",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133655"
      },
      {
        "category": "external",
        "summary": "2133656",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133656"
      },
      {
        "category": "external",
        "summary": "2133659",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133659"
      },
      {
        "category": "external",
        "summary": "2133660",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133660"
      },
      {
        "category": "external",
        "summary": "2134123",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134123"
      },
      {
        "category": "external",
        "summary": "2134672",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134672"
      },
      {
        "category": "external",
        "summary": "2134825",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134825"
      },
      {
        "category": "external",
        "summary": "2135805",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135805"
      },
      {
        "category": "external",
        "summary": "2136051",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136051"
      },
      {
        "category": "external",
        "summary": "2136425",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136425"
      },
      {
        "category": "external",
        "summary": "2136534",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136534"
      },
      {
        "category": "external",
        "summary": "2137123",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137123"
      },
      {
        "category": "external",
        "summary": "2137241",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137241"
      },
      {
        "category": "external",
        "summary": "2137243",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137243"
      },
      {
        "category": "external",
        "summary": "2137349",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137349"
      },
      {
        "category": "external",
        "summary": "2137591",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137591"
      },
      {
        "category": "external",
        "summary": "2137731",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137731"
      },
      {
        "category": "external",
        "summary": "2137733",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137733"
      },
      {
        "category": "external",
        "summary": "2137736",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137736"
      },
      {
        "category": "external",
        "summary": "2137896",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137896"
      },
      {
        "category": "external",
        "summary": "2138112",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138112"
      },
      {
        "category": "external",
        "summary": "2138119",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138119"
      },
      {
        "category": "external",
        "summary": "2138199",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138199"
      },
      {
        "category": "external",
        "summary": "2138653",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138653"
      },
      {
        "category": "external",
        "summary": "2138657",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138657"
      },
      {
        "category": "external",
        "summary": "2138664",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138664"
      },
      {
        "category": "external",
        "summary": "2139257",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139257"
      },
      {
        "category": "external",
        "summary": "2139260",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139260"
      },
      {
        "category": "external",
        "summary": "2139293",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139293"
      },
      {
        "category": "external",
        "summary": "2139296",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139296"
      },
      {
        "category": "external",
        "summary": "2139299",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139299"
      },
      {
        "category": "external",
        "summary": "2139306",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139306"
      },
      {
        "category": "external",
        "summary": "2139479",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139479"
      },
      {
        "category": "external",
        "summary": "2139574",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139574"
      },
      {
        "category": "external",
        "summary": "2139651",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139651"
      },
      {
        "category": "external",
        "summary": "2139687",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139687"
      },
      {
        "category": "external",
        "summary": "2139738",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139738"
      },
      {
        "category": "external",
        "summary": "2139820",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139820"
      },
      {
        "category": "external",
        "summary": "2140117",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140117"
      },
      {
        "category": "external",
        "summary": "2140521",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140521"
      },
      {
        "category": "external",
        "summary": "2140534",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140534"
      },
      {
        "category": "external",
        "summary": "2140627",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140627"
      },
      {
        "category": "external",
        "summary": "2140730",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140730"
      },
      {
        "category": "external",
        "summary": "2140808",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140808"
      },
      {
        "category": "external",
        "summary": "2140977",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140977"
      },
      {
        "category": "external",
        "summary": "2140982",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140982"
      },
      {
        "category": "external",
        "summary": "2140998",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140998"
      },
      {
        "category": "external",
        "summary": "2141089",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141089"
      },
      {
        "category": "external",
        "summary": "2141302",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141302"
      },
      {
        "category": "external",
        "summary": "2141399",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141399"
      },
      {
        "category": "external",
        "summary": "2141494",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141494"
      },
      {
        "category": "external",
        "summary": "2141654",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141654"
      },
      {
        "category": "external",
        "summary": "2141711",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141711"
      },
      {
        "category": "external",
        "summary": "2142468",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142468"
      },
      {
        "category": "external",
        "summary": "2142470",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142470"
      },
      {
        "category": "external",
        "summary": "2142511",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142511"
      },
      {
        "category": "external",
        "summary": "2142647",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142647"
      },
      {
        "category": "external",
        "summary": "2142891",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142891"
      },
      {
        "category": "external",
        "summary": "2142929",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142929"
      },
      {
        "category": "external",
        "summary": "2143268",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143268"
      },
      {
        "category": "external",
        "summary": "2143498",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143498"
      },
      {
        "category": "external",
        "summary": "2143964",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143964"
      },
      {
        "category": "external",
        "summary": "2144580",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144580"
      },
      {
        "category": "external",
        "summary": "2144828",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144828"
      },
      {
        "category": "external",
        "summary": "2144839",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144839"
      },
      {
        "category": "external",
        "summary": "2153849",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153849"
      },
      {
        "category": "external",
        "summary": "2155757",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155757"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0408.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Virtualization 4.12.0 Images security update",
    "tracking": {
      "current_release_date": "2026-06-16T02:39:43+00:00",
      "generator": {
        "date": "2026-06-16T02:39:43+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.0.0"
        }
      },
      "id": "RHSA-2023:0408",
      "initial_release_date": "2023-01-25T11:11:29+00:00",
      "revision_history": [
        {
          "date": "2023-01-25T11:11:29+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-01-25T11:11:29+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-16T02:39:43+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "CNV 4.12 for RHEL 8",
                "product": {
                  "name": "CNV 4.12 for RHEL 8",
                  "product_id": "8Base-CNV-4.12",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:container_native_virtualization:4.12::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "OpenShift Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
                "product": {
                  "name": "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
                  "product_id": "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/bridge-marker\u0026tag=v4.12.0-24"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
                "product": {
                  "name": "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
                  "product_id": "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator\u0026tag=v4.12.0-24"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
                "product": {
                  "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
                  "product_id": "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins\u0026tag=v4.12.0-24"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
                "product": {
                  "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
                  "product_id": "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8\u0026tag=v4.12.0-58"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
                "product": {
                  "name": "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
                  "product_id": "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry\u0026tag=v4.12.0-769"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
                "product": {
                  "name": "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
                  "product_id": "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver\u0026tag=v4.12.0-30"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
                "product": {
                  "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
                  "product_id": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8\u0026tag=v4.12.0-30"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
                "product": {
                  "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
                  "product_id": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator\u0026tag=v4.12.0-31"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
                "product": {
                  "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
                  "product_id": "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator\u0026tag=v4.12.0-96"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
                "product": {
                  "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
                  "product_id": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8\u0026tag=v4.12.0-96"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
                "product": {
                  "name": "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
                  "product_id": "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubemacpool\u0026tag=v4.12.0-24"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
                  "product_id": "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-console-plugin\u0026tag=v4.12.0-182"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
                  "product_id": "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator\u0026tag=v4.12.0-64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm\u0026tag=v4.12.0-55"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-copy-template\u0026tag=v4.12.0-55"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-datavolume\u0026tag=v4.12.0-55"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template\u0026tag=v4.12.0-55"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize\u0026tag=v4.12.0-55"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep\u0026tag=v4.12.0-55"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template\u0026tag=v4.12.0-55"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-operator\u0026tag=v4.12.0-40"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status\u0026tag=v4.12.0-55"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
                  "product_id": "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator\u0026tag=v4.12.0-32"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
                "product": {
                  "name": "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
                  "product_id": "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools\u0026tag=v4.12.0-255"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
                "product": {
                  "name": "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
                  "product_id": "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker\u0026tag=v4.12.0-24"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
                "product": {
                  "name": "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
                  "product_id": "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin\u0026tag=v4.12.0-24"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
                  "product_id": "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-api\u0026tag=v4.12.0-255"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
                  "product_id": "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server\u0026tag=v4.12.0-255"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
                  "product_id": "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver\u0026tag=v4.12.0-72"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
                  "product_id": "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner\u0026tag=v4.12.0-72"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
                  "product_id": "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller\u0026tag=v4.12.0-72"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
                  "product_id": "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer\u0026tag=v4.12.0-72"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
                  "product_id": "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator\u0026tag=v4.12.0-72"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
                  "product_id": "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy\u0026tag=v4.12.0-71"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
                  "product_id": "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver\u0026tag=v4.12.0-72"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
                  "product_id": "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-controller\u0026tag=v4.12.0-255"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
                  "product_id": "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-exportproxy\u0026tag=v4.12.0-255"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
                  "product_id": "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-exportserver\u0026tag=v4.12.0-255"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
                  "product_id": "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-handler\u0026tag=v4.12.0-255"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
                "product": {
                  "name": "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
                  "product_id": "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virtio-win\u0026tag=v4.12.0-10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
                  "product_id": "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-launcher\u0026tag=v4.12.0-255"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
                  "product_id": "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-operator\u0026tag=v4.12.0-255"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64",
                "product": {
                  "name": "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64",
                  "product_id": "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-network-latency-checkup\u0026tag=v4.12.0-89"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64"
        },
        "product_reference": "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64"
        },
        "product_reference": "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64"
        },
        "product_reference": "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64"
        },
        "product_reference": "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64"
        },
        "product_reference": "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64"
        },
        "product_reference": "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64"
        },
        "product_reference": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64"
        },
        "product_reference": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64"
        },
        "product_reference": "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64"
        },
        "product_reference": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64"
        },
        "product_reference": "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64"
        },
        "product_reference": "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64"
        },
        "product_reference": "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64"
        },
        "product_reference": "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
        },
        "product_reference": "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64"
        },
        "product_reference": "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64"
        },
        "product_reference": "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64"
        },
        "product_reference": "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64"
        },
        "product_reference": "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64"
        },
        "product_reference": "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64"
        },
        "product_reference": "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64"
        },
        "product_reference": "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64"
        },
        "product_reference": "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64"
        },
        "product_reference": "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64"
        },
        "product_reference": "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64"
        },
        "product_reference": "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64"
        },
        "product_reference": "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64"
        },
        "product_reference": "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
        },
        "product_reference": "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64"
        },
        "product_reference": "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        },
        "product_reference": "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-38561",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2022-06-23T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2100495"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw may be triggered only by accepting untrusted user input to the vulnerable golang\u0027s library. The overall DoS attack vector depends directly on how the library\u0027s input is exposed by the consuming application, thus Red Hat rates impact as Moderate.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) 2.5 version, the registration-operator, lighthouse-coredns, lighthouse-agent, gatekeeper-operator, and discovery-operator components are affected by this flaw, but the rest of the components are using an already patched version and are unaffected. For 2.4 and previous versions of Red Hat Advanced Cluster Management for Kubernetes (RHACM), most of the components are affected.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-38561"
        },
        {
          "category": "external",
          "summary": "RHBZ#2100495",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-38561",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-38561"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2021-0113",
          "url": "https://pkg.go.dev/vuln/GO-2021-0113"
        }
      ],
      "release_date": "2021-08-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS"
    },
    {
      "cve": "CVE-2021-44716",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-12-09T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2030801"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "There\u0027s an uncontrolled resource consumption flaw in golang\u0027s net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http\u0027s http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/http: limit growth of header canonicalization cache",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For OpenShift Container Platform, OpenShift Virtualization, Red Hat Quay and OpenShift distributed tracing the most an attacker can possibly achieve by exploiting this vulnerability is to crash a container, temporarily impacting availability of one or more services. Therefore impact is rated Moderate.\n\nIn its default configuration, grafana as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability. However, enabling http2 in /etc/grafana/grafana.ini explicitly would render grafana affected, therefore grafana has been marked affected.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44716"
        },
        {
          "category": "external",
          "summary": "RHBZ#2030801",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44716",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
          "url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
        }
      ],
      "release_date": "2021-12-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        },
        {
          "category": "workaround",
          "details": "This flaw can be mitigated by disabling HTTP/2. Setting the GODEBUG=http2server=0 environment variable before calling Serve will disable HTTP/2 unless it was manually configured through the golang.org/x/net/http2 package.",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: net/http: limit growth of header canonicalization cache"
    },
    {
      "cve": "CVE-2021-44717",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-12-09T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2030806"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "There\u0027s a flaw in golang\u0027s syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: syscall: don\u0027t close fd 0 on ForkExec error",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "* This flaw has had the severity level set to Moderate due to the attack complexity required to exhaust file descriptors at the time ForkExec is called, plus an attacker does not necessarily have direct control over where/how data is leaked.\n\n* For Service Telemetry Framework, because the flaw\u0027s impact is lower, no update will be provided at this time for its containers.\n\n* runc shipped with Red Hat Enterprise Linux 8 and 9 are not affected by this flaw because the flaw is already patched in the shipped versions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44717"
        },
        {
          "category": "external",
          "summary": "RHBZ#2030806",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44717",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
          "url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
        }
      ],
      "release_date": "2021-12-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        },
        {
          "category": "workaround",
          "details": "This bug can be mitigated by raising the per-process file descriptor limit.",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: syscall: don\u0027t close fd 0 on ForkExec error"
    },
    {
      "cve": "CVE-2022-1705",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107374"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/http: improper sanitization of Transfer-Encoding header",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-1705"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107374",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53188",
          "url": "https://go.dev/issue/53188"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: net/http: improper sanitization of Transfer-Encoding header"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Oliver Brooks and James Klopchic"
          ],
          "organization": "NCC Group"
        }
      ],
      "cve": "CVE-2022-1798",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2022-08-12T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2117872"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-1798"
        },
        {
          "category": "external",
          "summary": "RHBZ#2117872",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1798",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-1798"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798"
        },
        {
          "category": "external",
          "summary": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm",
          "url": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm"
        }
      ],
      "release_date": "2022-08-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs"
    },
    {
      "cve": "CVE-2022-1962",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107376"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: go/parser: stack exhaustion in all Parse* functions",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-1962"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107376",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1962",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53616",
          "url": "https://go.dev/issue/53616"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: go/parser: stack exhaustion in all Parse* functions"
    },
    {
      "cve": "CVE-2022-23772",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2022-02-11T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2053532"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-23772"
        },
        {
          "category": "external",
          "summary": "RHBZ#2053532",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23772",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
          "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
        }
      ],
      "release_date": "2022-01-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString"
    },
    {
      "cve": "CVE-2022-23773",
      "cwe": {
        "id": "CWE-266",
        "name": "Incorrect Privilege Assignment"
      },
      "discovery_date": "2022-02-11T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2053541"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-23773"
        },
        {
          "category": "external",
          "summary": "RHBZ#2053541",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23773",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
          "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
        }
      ],
      "release_date": "2022-02-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control"
    },
    {
      "cve": "CVE-2022-23806",
      "cwe": {
        "id": "CWE-252",
        "name": "Unchecked Return Value"
      },
      "discovery_date": "2022-02-11T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2053429"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 8 and 9 are affected because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having a Moderate security impact. The issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16 \u0026 1.17), will not be addressed in future updates as shipped only in RHEL-7, hence, marked as Out-of-Support-Scope.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.\n\nThe vulnerability lies in the crypto/elliptic: IsOnCurve taking in negative and invalid forms of data input and resulting in a panic, the resulting invalid data input is also resulting in data sinks in other functions such as marshall that handle elliptic curve cryptography by converting points on an elliptic curve into a binary format for storage or transmission and scalarmult which provides scalar multiplication, all three function takes in invalid forms of data and results in a crash, although the main culprit being isoncurve function, considering the attack complexity being high as the data that reaches the vulnerable function could already be stripped of negative sign and the resultant successful exploitation only leading to a panic/crash the vulnerability has been rated as Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-23806"
        },
        {
          "category": "external",
          "summary": "RHBZ#2053429",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23806",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
          "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
        }
      ],
      "release_date": "2022-02-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements"
    },
    {
      "cve": "CVE-2022-28131",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107390"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: encoding/xml: stack exhaustion in Decoder.Skip",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The vulnerability exists in the calling of the function decoder.skip to a deeply nested XML document. Although the vulnerability exists, it may require that the application accept deeply nested XML from untrusted sources and specifically calls Decoder.Skip on it. In many deployments, that code path might not even be reachable or exposed to external input. On top of that, a successful exploitation will only result in denial of service due to stack exhaustion, which is why this has been marked as moderate by Red Hat.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-28131"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107390",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-28131",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53614",
          "url": "https://go.dev/issue/53614"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: encoding/xml: stack exhaustion in Decoder.Skip"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jo\u00ebl G\u00e4hwiler"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2022-29526",
      "cwe": {
        "id": "CWE-358",
        "name": "Improperly Implemented Security Check for Standard"
      },
      "discovery_date": "2022-05-11T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2084085"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file\u0027s group, affecting system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: syscall: faccessat checks wrong group",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-29526"
        },
        {
          "category": "external",
          "summary": "RHBZ#2084085",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29526",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU",
          "url": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU"
        }
      ],
      "release_date": "2022-05-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: syscall: faccessat checks wrong group"
    },
    {
      "cve": "CVE-2022-30629",
      "cwe": {
        "id": "CWE-331",
        "name": "Insufficient Entropy"
      },
      "discovery_date": "2022-06-02T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2092793"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/tls: session tickets lack random ticket_age_add",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30629"
        },
        {
          "category": "external",
          "summary": "RHBZ#2092793",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg",
          "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg"
        }
      ],
      "release_date": "2022-06-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "golang: crypto/tls: session tickets lack random ticket_age_add"
    },
    {
      "cve": "CVE-2022-30630",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107371"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: io/fs: stack exhaustion in Glob",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "RH ProdSec has set the Impact of this vulnerability to Moderate as there is no known method to execute arbitary code. Successful exploitation of this bug can cause the application under attack to panic, merely causing a Denial of Service at the application level. As the kernel is unaffected by this bug, the user can merely relaunch the application to fix the problem. Also, if somehow the application keeps relaunching, the timer watchdogs in the default RHEL kernel will stop the attack in its tracks.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30630"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107371",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53415",
          "url": "https://go.dev/issue/53415"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: io/fs: stack exhaustion in Glob"
    },
    {
      "cve": "CVE-2022-30631",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107342"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: compress/gzip: stack exhaustion in Reader.Read",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit CVE-2022-30631, an attacker supplies a specially crafted gzip archive to a Go application that uses a vulnerable version of the compress/gzip package without adequate input validation. This can lead to uncontrolled recursion, resulting in stack exhaustion and causing the application to panic, thereby affecting its availability.\n\nAs this is merely a DoS and there is no known way to control the instruction pointer, RH ProdSec has set the impact of this vulnerabilty to \"Moderate\".",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30631"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107342",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53168",
          "url": "https://go.dev/issue/53168"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: compress/gzip: stack exhaustion in Reader.Read"
    },
    {
      "cve": "CVE-2022-30632",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107386"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: path/filepath: stack exhaustion in Glob",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The exploitation of this flaw will only result in a denial of service of the application via the application crashing which is why this has been rated as moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30632"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107386",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53416",
          "url": "https://go.dev/issue/53416"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: path/filepath: stack exhaustion in Glob"
    },
    {
      "cve": "CVE-2022-30633",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107392"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: encoding/xml: stack exhaustion in Unmarshal",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat has marked this as moderate impact for two primary reasons\n1. Though the vulnerability exists, it is hard to exploit in real scenarios (e.g., the attacker must be able to feed crafted XML documents into specific code paths).\n2. The vulnerability is a denial of service (DoS) due to stack exhaustion rather than code execution or data breach. Since it doesn\u2019t compromise confidentiality or integrity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30633"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107392",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30633",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53611",
          "url": "https://go.dev/issue/53611"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: encoding/xml: stack exhaustion in Unmarshal"
    },
    {
      "cve": "CVE-2022-30635",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107388"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: encoding/gob: stack exhaustion in Decoder.Decode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.The vulnerability has been rated as moderate instead of high because the vulnerability can only result in a minor denial of service.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30635"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107388",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53615",
          "url": "https://go.dev/issue/53615"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: encoding/gob: stack exhaustion in Decoder.Decode"
    },
    {
      "cve": "CVE-2022-32148",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107383"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-32148"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107383",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53423",
          "url": "https://go.dev/issue/53423"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working"
    }
  ]
}

RHSA-2023_0407

Vulnerability from csaf_redhat - Published: 2023-01-24 12:51 - Updated: 2024-12-17 22:07

Summary

Red Hat Security Advisory: OpenShift Virtualization 4.12.0 RPMs security update

Severity

Moderate

Notes

Topic: Updated release packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.0 RPMs. Security Fix(es): * golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716) * golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561) * golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717) * golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705) * golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962) * golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921) * golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131) * golang: io/fs: stack exhaustion in Glob (CVE-2022-30630) * golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631) * golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632) * golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633) * golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635) * golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148) * golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-38561

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2021-44716

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2021-44717

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2022-1705

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-1962

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-24921

A stack overflow flaw was found in Golang's regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-28131

7.3 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-30629

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE-331 - Insufficient Entropy

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64	—	Vendor Fix fix

Threats

Impact Low

CVE-2022-30630

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-30631

A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-30632

A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-30633

A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-30635

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-32148

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

References

88 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:0407	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2030801	external
https://bugzilla.redhat.com/show_bug.cgi?id=2030806	external
https://bugzilla.redhat.com/show_bug.cgi?id=2064857	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089804	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092793	external
https://bugzilla.redhat.com/show_bug.cgi?id=2100495	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107342	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107371	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107374	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107376	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107383	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107386	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107388	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107390	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107392	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2021-38561	self
https://bugzilla.redhat.com/show_bug.cgi?id=2100495	external
https://www.cve.org/CVERecord?id=CVE-2021-38561	external
https://nvd.nist.gov/vuln/detail/CVE-2021-38561	external
https://pkg.go.dev/vuln/GO-2021-0113	external
https://access.redhat.com/security/cve/CVE-2021-44716	self
https://bugzilla.redhat.com/show_bug.cgi?id=2030801	external
https://www.cve.org/CVERecord?id=CVE-2021-44716	external
https://nvd.nist.gov/vuln/detail/CVE-2021-44716	external
https://groups.google.com/g/golang-announce/c/hcm…	external
https://access.redhat.com/security/cve/CVE-2021-44717	self
https://bugzilla.redhat.com/show_bug.cgi?id=2030806	external
https://www.cve.org/CVERecord?id=CVE-2021-44717	external
https://nvd.nist.gov/vuln/detail/CVE-2021-44717	external
https://access.redhat.com/security/cve/CVE-2022-1705	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107374	external
https://www.cve.org/CVERecord?id=CVE-2022-1705	external
https://nvd.nist.gov/vuln/detail/CVE-2022-1705	external
https://go.dev/issue/53188	external
https://groups.google.com/g/golang-announce/c/nqr…	external
https://access.redhat.com/security/cve/CVE-2022-1962	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107376	external
https://www.cve.org/CVERecord?id=CVE-2022-1962	external
https://nvd.nist.gov/vuln/detail/CVE-2022-1962	external
https://go.dev/issue/53616	external
https://access.redhat.com/security/cve/CVE-2022-24921	self
https://bugzilla.redhat.com/show_bug.cgi?id=2064857	external
https://www.cve.org/CVERecord?id=CVE-2022-24921	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24921	external
https://groups.google.com/g/golang-announce/c/RP1…	external
https://access.redhat.com/security/cve/CVE-2022-28131	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107390	external
https://www.cve.org/CVERecord?id=CVE-2022-28131	external
https://nvd.nist.gov/vuln/detail/CVE-2022-28131	external
https://go.dev/issue/53614	external
https://access.redhat.com/security/cve/CVE-2022-30629	self
https://bugzilla.redhat.com/show_bug.cgi?id=2092793	external
https://www.cve.org/CVERecord?id=CVE-2022-30629	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30629	external
https://groups.google.com/g/golang-announce/c/TzI…	external
https://access.redhat.com/security/cve/CVE-2022-30630	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107371	external
https://www.cve.org/CVERecord?id=CVE-2022-30630	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30630	external
https://go.dev/issue/53415	external
https://access.redhat.com/security/cve/CVE-2022-30631	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107342	external
https://www.cve.org/CVERecord?id=CVE-2022-30631	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30631	external
https://go.dev/issue/53168	external
https://access.redhat.com/security/cve/CVE-2022-30632	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107386	external
https://www.cve.org/CVERecord?id=CVE-2022-30632	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30632	external
https://go.dev/issue/53416	external
https://access.redhat.com/security/cve/CVE-2022-30633	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107392	external
https://www.cve.org/CVERecord?id=CVE-2022-30633	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30633	external
https://go.dev/issue/53611	external
https://access.redhat.com/security/cve/CVE-2022-30635	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107388	external
https://www.cve.org/CVERecord?id=CVE-2022-30635	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30635	external
https://go.dev/issue/53615	external
https://access.redhat.com/security/cve/CVE-2022-32148	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107383	external
https://www.cve.org/CVERecord?id=CVE-2022-32148	external
https://nvd.nist.gov/vuln/detail/CVE-2022-32148	external
https://go.dev/issue/53423	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated release packages that fix several bugs and add various enhancements are now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform.\u00a0This advisory contains OpenShift Virtualization 4.12.0 RPMs.\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:0407",
        "url": "https://access.redhat.com/errata/RHSA-2023:0407"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2030801",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
      },
      {
        "category": "external",
        "summary": "2030806",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
      },
      {
        "category": "external",
        "summary": "2064857",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857"
      },
      {
        "category": "external",
        "summary": "2089804",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089804"
      },
      {
        "category": "external",
        "summary": "2092793",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
      },
      {
        "category": "external",
        "summary": "2100495",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495"
      },
      {
        "category": "external",
        "summary": "2107342",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
      },
      {
        "category": "external",
        "summary": "2107371",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
      },
      {
        "category": "external",
        "summary": "2107374",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
      },
      {
        "category": "external",
        "summary": "2107376",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
      },
      {
        "category": "external",
        "summary": "2107383",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
      },
      {
        "category": "external",
        "summary": "2107386",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
      },
      {
        "category": "external",
        "summary": "2107388",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
      },
      {
        "category": "external",
        "summary": "2107390",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
      },
      {
        "category": "external",
        "summary": "2107392",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0407.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Virtualization 4.12.0 RPMs security update",
    "tracking": {
      "current_release_date": "2024-12-17T22:07:56+00:00",
      "generator": {
        "date": "2024-12-17T22:07:56+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2023:0407",
      "initial_release_date": "2023-01-24T12:51:07+00:00",
      "revision_history": [
        {
          "date": "2023-01-24T12:51:07+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-01-24T12:51:07+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-17T22:07:56+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "CNV 4.12 for RHEL 8",
                "product": {
                  "name": "CNV 4.12 for RHEL 8",
                  "product_id": "8Base-CNV-4.12",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:container_native_virtualization:4.12::el8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "CNV 4.12 for RHEL 7",
                "product": {
                  "name": "CNV 4.12 for RHEL 7",
                  "product_id": "7Server-CNV-4.12",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:container_native_virtualization:4.12::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "OpenShift Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kubevirt-0:4.12.0-1057.el8.src",
                "product": {
                  "name": "kubevirt-0:4.12.0-1057.el8.src",
                  "product_id": "kubevirt-0:4.12.0-1057.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kubevirt@4.12.0-1057.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kubevirt-0:4.12.0-1057.el7.src",
                "product": {
                  "name": "kubevirt-0:4.12.0-1057.el7.src",
                  "product_id": "kubevirt-0:4.12.0-1057.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kubevirt@4.12.0-1057.el7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
                "product": {
                  "name": "kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
                  "product_id": "kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kubevirt-virtctl@4.12.0-1057.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64",
                "product": {
                  "name": "kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64",
                  "product_id": "kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kubevirt-virtctl-redistributable@4.12.0-1057.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
                "product": {
                  "name": "kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
                  "product_id": "kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kubevirt-virtctl@4.12.0-1057.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
                "product": {
                  "name": "kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
                  "product_id": "kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kubevirt-virtctl-redistributable@4.12.0-1057.el7?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kubevirt-0:4.12.0-1057.el7.src as a component of CNV 4.12 for RHEL 7",
          "product_id": "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src"
        },
        "product_reference": "kubevirt-0:4.12.0-1057.el7.src",
        "relates_to_product_reference": "7Server-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kubevirt-virtctl-0:4.12.0-1057.el7.x86_64 as a component of CNV 4.12 for RHEL 7",
          "product_id": "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64"
        },
        "product_reference": "kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
        "relates_to_product_reference": "7Server-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64 as a component of CNV 4.12 for RHEL 7",
          "product_id": "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64"
        },
        "product_reference": "kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
        "relates_to_product_reference": "7Server-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kubevirt-0:4.12.0-1057.el8.src as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src"
        },
        "product_reference": "kubevirt-0:4.12.0-1057.el8.src",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kubevirt-virtctl-0:4.12.0-1057.el8.x86_64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64"
        },
        "product_reference": "kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
        },
        "product_reference": "kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-38561",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2022-06-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2100495"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw may be triggered only by accepting untrusted user input to the vulnerable golang\u0027s library. The overall DoS attack vector depends directly on how the library\u0027s input is exposed by the consuming application, thus Red Hat rates impact as Moderate.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) 2.5 version, the registration-operator, lighthouse-coredns, lighthouse-agent, gatekeeper-operator, and discovery-operator components are affected by this flaw, but the rest of the components are using an already patched version and are unaffected. For 2.4 and previous versions of Red Hat Advanced Cluster Management for Kubernetes (RHACM), most of the components are affected.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
          "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
          "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
          "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
          "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
          "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-38561"
        },
        {
          "category": "external",
          "summary": "RHBZ#2100495",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-38561",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-38561"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2021-0113",
          "url": "https://pkg.go.dev/vuln/GO-2021-0113"
        }
      ],
      "release_date": "2021-08-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-24T12:51:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
            "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
            "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
            "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
            "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
            "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0407"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
            "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
            "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
            "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
            "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
            "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS"
    },
    {
      "cve": "CVE-2021-44716",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-12-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2030801"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "There\u0027s an uncontrolled resource consumption flaw in golang\u0027s net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http\u0027s http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/http: limit growth of header canonicalization cache",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For OpenShift Container Platform, OpenShift Virtualization, Red Hat Quay and OpenShift distributed tracing the most an attacker can possibly achieve by exploiting this vulnerability is to crash a container, temporarily impacting availability of one or more services. Therefore impact is rated Moderate.\n\nIn its default configuration, grafana as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability. However, enabling http2 in /etc/grafana/grafana.ini explicitly would render grafana affected, therefore grafana has been marked affected.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
          "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
          "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
          "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
          "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
          "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44716"
        },
        {
          "category": "external",
          "summary": "RHBZ#2030801",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44716",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
          "url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
        }
      ],
      "release_date": "2021-12-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-24T12:51:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
            "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
            "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
            "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
            "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
            "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0407"
        },
        {
          "category": "workaround",
          "details": "This flaw can be mitigated by disabling HTTP/2. Setting the GODEBUG=http2server=0 environment variable before calling Serve will disable HTTP/2 unless it was manually configured through the golang.org/x/net/http2 package.",
          "product_ids": [
            "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
            "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
            "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
            "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
            "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
            "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
            "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
            "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
            "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
            "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
            "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: net/http: limit growth of header canonicalization cache"
    },
    {
      "cve": "CVE-2021-44717",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-12-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2030806"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "There\u0027s a flaw in golang\u0027s syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: syscall: don\u0027t close fd 0 on ForkExec error",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "* This flaw has had the severity level set to Moderate due to the attack complexity required to exhaust file descriptors at the time ForkExec is called, plus an attacker does not necessarily have direct control over where/how data is leaked.\n\n* For Service Telemetry Framework, because the flaw\u0027s impact is lower, no update will be provided at this time for its containers.\n\n* runc shipped with Red Hat Enterprise Linux 8 and 9 are not affected by this flaw because the flaw is already patched in the shipped versions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
          "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
          "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
          "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
          "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
          "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44717"
        },
        {
          "category": "external",
          "summary": "RHBZ#2030806",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44717",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
          "url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
        }
      ],
      "release_date": "2021-12-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-24T12:51:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
            "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
            "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
            "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
            "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
            "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0407"
        },
        {
          "category": "workaround",
          "details": "This bug can be mitigated by raising the per-process file descriptor limit.",
          "product_ids": [
            "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
            "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
            "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
            "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
            "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
            "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
            "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
            "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
            "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
            "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
            "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: syscall: don\u0027t close fd 0 on ForkExec error"
    },
    {
      "cve": "CVE-2022-1705",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107374"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/http: improper sanitization of Transfer-Encoding header",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
          "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
          "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
          "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
          "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
          "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-1705"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107374",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53188",
          "url": "https://go.dev/issue/53188"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-24T12:51:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
            "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
            "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
            "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
            "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
            "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0407"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
            "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
            "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
            "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
            "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
            "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: net/http: improper sanitization of Transfer-Encoding header"
    },
    {
      "cve": "CVE-2022-1962",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107376"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: go/parser: stack exhaustion in all Parse* functions",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
          "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
          "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
          "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
          "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
          "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-1962"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107376",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1962",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53616",
          "url": "https://go.dev/issue/53616"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-24T12:51:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
            "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
            "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
            "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
            "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
            "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0407"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
            "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
            "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
            "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
            "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
            "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: go/parser: stack exhaustion in all Parse* functions"
    },
    {
      "cve": "CVE-2022-24921",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-03-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2064857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A stack overflow flaw was found in Golang\u0027s regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: regexp: stack exhaustion via a deeply nested expression",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw has been rated as a Moderate impact flaw because the exploitation of this flaw requires that an affected application accept arbitrarily long regexps from untrusted sources, which has inherent risks (even without this flaw), especially involving impacts to application availability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
          "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
          "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
          "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
          "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
          "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24921"
        },
        {
          "category": "external",
          "summary": "RHBZ#2064857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24921",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk",
          "url": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk"
        }
      ],
      "release_date": "2022-03-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-24T12:51:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
            "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
            "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
            "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
            "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
            "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0407"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
            "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
            "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
            "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
            "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
            "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: regexp: stack exhaustion via a deeply nested expression"
    },
    {
      "cve": "CVE-2022-28131",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107390"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: encoding/xml: stack exhaustion in Decoder.Skip",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
          "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
          "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
          "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
          "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
          "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-28131"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107390",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-28131",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53614",
          "url": "https://go.dev/issue/53614"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-24T12:51:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
            "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
            "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
            "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
            "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
            "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0407"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
            "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
            "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
            "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
            "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
            "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: encoding/xml: stack exhaustion in Decoder.Skip"
    },
    {
      "cve": "CVE-2022-30629",
      "cwe": {
        "id": "CWE-331",
        "name": "Insufficient Entropy"
      },
      "discovery_date": "2022-06-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2092793"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/tls: session tickets lack random ticket_age_add",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
          "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
          "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
          "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
          "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
          "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30629"
        },
        {
          "category": "external",
          "summary": "RHBZ#2092793",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg",
          "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg"
        }
      ],
      "release_date": "2022-06-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-24T12:51:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
            "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
            "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
            "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
            "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
            "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0407"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
            "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
            "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
            "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
            "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
            "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "golang: crypto/tls: session tickets lack random ticket_age_add"
    },
    {
      "cve": "CVE-2022-30630",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107371"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: io/fs: stack exhaustion in Glob",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
          "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
          "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
          "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
          "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
          "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30630"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107371",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53415",
          "url": "https://go.dev/issue/53415"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-24T12:51:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
            "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
            "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
            "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
            "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
            "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0407"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
            "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
            "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
            "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
            "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
            "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: io/fs: stack exhaustion in Glob"
    },
    {
      "cve": "CVE-2022-30631",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107342"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: compress/gzip: stack exhaustion in Reader.Read",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
          "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
          "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
          "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
          "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
          "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30631"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107342",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53168",
          "url": "https://go.dev/issue/53168"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-24T12:51:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
            "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
            "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
            "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
            "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
            "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0407"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
            "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
            "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
            "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
            "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
            "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: compress/gzip: stack exhaustion in Reader.Read"
    },
    {
      "cve": "CVE-2022-30632",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107386"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: path/filepath: stack exhaustion in Glob",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
          "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
          "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
          "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
          "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
          "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30632"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107386",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53416",
          "url": "https://go.dev/issue/53416"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-24T12:51:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
            "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
            "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
            "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
            "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
            "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0407"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
            "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
            "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
            "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
            "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
            "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: path/filepath: stack exhaustion in Glob"
    },
    {
      "cve": "CVE-2022-30633",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107392"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: encoding/xml: stack exhaustion in Unmarshal",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
          "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
          "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
          "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
          "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
          "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30633"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107392",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30633",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53611",
          "url": "https://go.dev/issue/53611"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-24T12:51:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
            "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
            "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
            "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
            "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
            "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0407"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
            "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
            "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
            "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
            "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
            "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: encoding/xml: stack exhaustion in Unmarshal"
    },
    {
      "cve": "CVE-2022-30635",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107388"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: encoding/gob: stack exhaustion in Decoder.Decode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
          "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
          "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
          "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
          "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
          "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30635"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107388",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53615",
          "url": "https://go.dev/issue/53615"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-24T12:51:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
            "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
            "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
            "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
            "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
            "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0407"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
            "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
            "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
            "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
            "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
            "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: encoding/gob: stack exhaustion in Decoder.Decode"
    },
    {
      "cve": "CVE-2022-32148",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107383"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
          "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
          "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
          "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
          "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
          "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-32148"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107383",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53423",
          "url": "https://go.dev/issue/53423"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-24T12:51:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
            "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
            "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
            "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
            "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
            "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0407"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
            "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
            "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
            "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
            "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
            "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working"
    }
  ]
}

RHSA-2023_0408

Vulnerability from csaf_redhat - Published: 2023-01-25 11:11 - Updated: 2024-12-17 22:08

Summary

Red Hat Security Advisory: OpenShift Virtualization 4.12.0 Images security update

Severity

Important

Notes

CVE-2021-38561

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Fixed 8 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64	—	Vendor Fix fix

Known not affected 35 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64		—

Threats

Impact Moderate

CVE-2021-44716

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64	—	Vendor Fix fix Workaround

Known not affected 37 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64	—	Workaround

Threats

Impact Moderate

CVE-2021-44717

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64	—	Vendor Fix fix Workaround

Known not affected 37 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64	—	Workaround

Threats

Impact Moderate

CVE-2022-1705

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64		—	Vendor Fix fix

Known not affected 42 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64		—

Threats

Impact Moderate

CVE-2022-1798

7.7 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64	—	Vendor Fix fix

Known not affected 37 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64		—

Threats

Impact Important

CVE-2022-1962

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64		—	Vendor Fix fix

Known not affected 42 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64		—

Threats

Impact Moderate

CVE-2022-23772

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64	—	Vendor Fix fix

Known not affected 38 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64		—

Threats

Impact Moderate

CVE-2022-23773

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-1220 - Insufficient Granularity of Access Control

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64	—	Vendor Fix fix

Known not affected 38 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64		—

Threats

Impact Moderate

CVE-2022-23806

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CWE-252 - Unchecked Return Value

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64	—	Vendor Fix fix

Known not affected 37 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64		—

Threats

Impact Moderate

CVE-2022-28131

7.3 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64		—	Vendor Fix fix

Known not affected 42 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64		—

Threats

Impact Moderate

CVE-2022-29526

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-280 - Improper Handling of Insufficient Permissions or Privileges

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64		—	Vendor Fix fix

Known not affected 42 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64		—

Threats

Impact Moderate

CVE-2022-30629

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE-331 - Insufficient Entropy

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64	—	Vendor Fix fix

Known not affected 37 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64		—

Threats

Impact Low

CVE-2022-30630

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64		—	Vendor Fix fix

Known not affected 42 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64		—

Threats

Impact Moderate

CVE-2022-30631

A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64		—	Vendor Fix fix

Known not affected 42 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64		—

Threats

Impact Moderate

CVE-2022-30632

A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64		—	Vendor Fix fix

Known not affected 42 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64		—

Threats

Impact Moderate

CVE-2022-30633

A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64		—	Vendor Fix fix

Known not affected 42 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64		—

Threats

Impact Moderate

CVE-2022-30635

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64		—	Vendor Fix fix

Known not affected 42 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64		—

Threats

Impact Moderate

CVE-2022-32148

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64		—	Vendor Fix fix

Known not affected 42 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64		—
Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64		—

Threats

Impact Moderate

References

339 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:0408	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1719190	external
https://bugzilla.redhat.com/show_bug.cgi?id=2023393	external
https://bugzilla.redhat.com/show_bug.cgi?id=2030801	external
https://bugzilla.redhat.com/show_bug.cgi?id=2030806	external
https://bugzilla.redhat.com/show_bug.cgi?id=2040377	external
https://bugzilla.redhat.com/show_bug.cgi?id=2046298	external
https://bugzilla.redhat.com/show_bug.cgi?id=2052556	external
https://bugzilla.redhat.com/show_bug.cgi?id=2053429	external
https://bugzilla.redhat.com/show_bug.cgi?id=2053532	external
https://bugzilla.redhat.com/show_bug.cgi?id=2053541	external
https://bugzilla.redhat.com/show_bug.cgi?id=2060499	external
https://bugzilla.redhat.com/show_bug.cgi?id=2069098	external
https://bugzilla.redhat.com/show_bug.cgi?id=2070366	external
https://bugzilla.redhat.com/show_bug.cgi?id=2071491	external
https://bugzilla.redhat.com/show_bug.cgi?id=2072797	external
https://bugzilla.redhat.com/show_bug.cgi?id=2072821	external
https://bugzilla.redhat.com/show_bug.cgi?id=2079916	external
https://bugzilla.redhat.com/show_bug.cgi?id=2084085	external
https://bugzilla.redhat.com/show_bug.cgi?id=2086285	external
https://bugzilla.redhat.com/show_bug.cgi?id=2086551	external
https://bugzilla.redhat.com/show_bug.cgi?id=2087724	external
https://bugzilla.redhat.com/show_bug.cgi?id=2088129	external
https://bugzilla.redhat.com/show_bug.cgi?id=2088464	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089391	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089744	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089751	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089804	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091856	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092793	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092796	external
https://bugzilla.redhat.com/show_bug.cgi?id=2093771	external
https://bugzilla.redhat.com/show_bug.cgi?id=2093996	external
https://bugzilla.redhat.com/show_bug.cgi?id=2094202	external
https://bugzilla.redhat.com/show_bug.cgi?id=2096285	external
https://bugzilla.redhat.com/show_bug.cgi?id=2096780	external
https://bugzilla.redhat.com/show_bug.cgi?id=2097436	external
https://bugzilla.redhat.com/show_bug.cgi?id=2097586	external
https://bugzilla.redhat.com/show_bug.cgi?id=2099556	external
https://bugzilla.redhat.com/show_bug.cgi?id=2099573	external
https://bugzilla.redhat.com/show_bug.cgi?id=2099923	external
https://bugzilla.redhat.com/show_bug.cgi?id=2100290	external
https://bugzilla.redhat.com/show_bug.cgi?id=2100436	external
https://bugzilla.redhat.com/show_bug.cgi?id=2100442	external
https://bugzilla.redhat.com/show_bug.cgi?id=2100495	external
https://bugzilla.redhat.com/show_bug.cgi?id=2100629	external
https://bugzilla.redhat.com/show_bug.cgi?id=2100679	external
https://bugzilla.redhat.com/show_bug.cgi?id=2100682	external
https://bugzilla.redhat.com/show_bug.cgi?id=2100684	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101144	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101164	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101167	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101333	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101335	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101390	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101394	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101423	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101430	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101445	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101454	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101499	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101501	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101628	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101667	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101681	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102074	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102125	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102132	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102138	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102256	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102448	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102475	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102561	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102737	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102740	external
https://bugzilla.redhat.com/show_bug.cgi?id=2103806	external
https://bugzilla.redhat.com/show_bug.cgi?id=2103807	external
https://bugzilla.redhat.com/show_bug.cgi?id=2103817	external
https://bugzilla.redhat.com/show_bug.cgi?id=2103844	external
https://bugzilla.redhat.com/show_bug.cgi?id=2104331	external
https://bugzilla.redhat.com/show_bug.cgi?id=2104402	external
https://bugzilla.redhat.com/show_bug.cgi?id=2104422	external
https://bugzilla.redhat.com/show_bug.cgi?id=2104424	external
https://bugzilla.redhat.com/show_bug.cgi?id=2104479	external
https://bugzilla.redhat.com/show_bug.cgi?id=2104480	external
https://bugzilla.redhat.com/show_bug.cgi?id=2104785	external
https://bugzilla.redhat.com/show_bug.cgi?id=2104859	external
https://bugzilla.redhat.com/show_bug.cgi?id=2105257	external
https://bugzilla.redhat.com/show_bug.cgi?id=2106175	external
https://bugzilla.redhat.com/show_bug.cgi?id=2106963	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107279	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107342	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107371	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107374	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107376	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107383	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107386	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107388	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107390	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107392	external
https://bugzilla.redhat.com/show_bug.cgi?id=2108339	external
https://bugzilla.redhat.com/show_bug.cgi?id=2108638	external
https://bugzilla.redhat.com/show_bug.cgi?id=2109818	external
https://bugzilla.redhat.com/show_bug.cgi?id=2109975	external
https://bugzilla.redhat.com/show_bug.cgi?id=2110256	external
https://bugzilla.redhat.com/show_bug.cgi?id=2110562	external
https://bugzilla.redhat.com/show_bug.cgi?id=2111240	external
https://bugzilla.redhat.com/show_bug.cgi?id=2111292	external
https://bugzilla.redhat.com/show_bug.cgi?id=2111328	external
https://bugzilla.redhat.com/show_bug.cgi?id=2111378	external
https://bugzilla.redhat.com/show_bug.cgi?id=2111744	external
https://bugzilla.redhat.com/show_bug.cgi?id=2111794	external
https://bugzilla.redhat.com/show_bug.cgi?id=2112900	external
https://bugzilla.redhat.com/show_bug.cgi?id=2114516	external
https://bugzilla.redhat.com/show_bug.cgi?id=2114636	external
https://bugzilla.redhat.com/show_bug.cgi?id=2114683	external
https://bugzilla.redhat.com/show_bug.cgi?id=2115257	external
https://bugzilla.redhat.com/show_bug.cgi?id=2115258	external
https://bugzilla.redhat.com/show_bug.cgi?id=2115280	external
https://bugzilla.redhat.com/show_bug.cgi?id=2115769	external
https://bugzilla.redhat.com/show_bug.cgi?id=2116225	external
https://bugzilla.redhat.com/show_bug.cgi?id=2116644	external
https://bugzilla.redhat.com/show_bug.cgi?id=2117549	external
https://bugzilla.redhat.com/show_bug.cgi?id=2117803	external
https://bugzilla.redhat.com/show_bug.cgi?id=2117813	external
https://bugzilla.redhat.com/show_bug.cgi?id=2117872	external
https://bugzilla.redhat.com/show_bug.cgi?id=2118257	external
https://bugzilla.redhat.com/show_bug.cgi?id=2118823	external
https://bugzilla.redhat.com/show_bug.cgi?id=2119069	external
https://bugzilla.redhat.com/show_bug.cgi?id=2119128	external
https://bugzilla.redhat.com/show_bug.cgi?id=2119309	external
https://bugzilla.redhat.com/show_bug.cgi?id=2119615	external
https://bugzilla.redhat.com/show_bug.cgi?id=2120907	external
https://bugzilla.redhat.com/show_bug.cgi?id=2121320	external
https://bugzilla.redhat.com/show_bug.cgi?id=2122236	external
https://bugzilla.redhat.com/show_bug.cgi?id=2122990	external
https://bugzilla.redhat.com/show_bug.cgi?id=2124147	external
https://bugzilla.redhat.com/show_bug.cgi?id=2124307	external
https://bugzilla.redhat.com/show_bug.cgi?id=2124528	external
https://bugzilla.redhat.com/show_bug.cgi?id=2124555	external
https://bugzilla.redhat.com/show_bug.cgi?id=2124557	external
https://bugzilla.redhat.com/show_bug.cgi?id=2124558	external
https://bugzilla.redhat.com/show_bug.cgi?id=2124565	external
https://bugzilla.redhat.com/show_bug.cgi?id=2124572	external
https://bugzilla.redhat.com/show_bug.cgi?id=2124582	external
https://bugzilla.redhat.com/show_bug.cgi?id=2124594	external
https://bugzilla.redhat.com/show_bug.cgi?id=2124597	external
https://bugzilla.redhat.com/show_bug.cgi?id=2126104	external
https://bugzilla.redhat.com/show_bug.cgi?id=2126397	external
https://bugzilla.redhat.com/show_bug.cgi?id=2127787	external
https://bugzilla.redhat.com/show_bug.cgi?id=2127843	external
https://bugzilla.redhat.com/show_bug.cgi?id=2127931	external
https://bugzilla.redhat.com/show_bug.cgi?id=2127947	external
https://bugzilla.redhat.com/show_bug.cgi?id=2128002	external
https://bugzilla.redhat.com/show_bug.cgi?id=2128107	external
https://bugzilla.redhat.com/show_bug.cgi?id=2128872	external
https://bugzilla.redhat.com/show_bug.cgi?id=2128948	external
https://bugzilla.redhat.com/show_bug.cgi?id=2128949	external
https://bugzilla.redhat.com/show_bug.cgi?id=2128997	external
https://bugzilla.redhat.com/show_bug.cgi?id=2129013	external
https://bugzilla.redhat.com/show_bug.cgi?id=2129234	external
https://bugzilla.redhat.com/show_bug.cgi?id=2129301	external
https://bugzilla.redhat.com/show_bug.cgi?id=2129870	external
https://bugzilla.redhat.com/show_bug.cgi?id=2130509	external
https://bugzilla.redhat.com/show_bug.cgi?id=2130588	external
https://bugzilla.redhat.com/show_bug.cgi?id=2130695	external
https://bugzilla.redhat.com/show_bug.cgi?id=2130909	external
https://bugzilla.redhat.com/show_bug.cgi?id=2131157	external
https://bugzilla.redhat.com/show_bug.cgi?id=2131165	external
https://bugzilla.redhat.com/show_bug.cgi?id=2131674	external
https://bugzilla.redhat.com/show_bug.cgi?id=2132031	external
https://bugzilla.redhat.com/show_bug.cgi?id=2132682	external
https://bugzilla.redhat.com/show_bug.cgi?id=2132721	external
https://bugzilla.redhat.com/show_bug.cgi?id=2132744	external
https://bugzilla.redhat.com/show_bug.cgi?id=2132746	external
https://bugzilla.redhat.com/show_bug.cgi?id=2132783	external
https://bugzilla.redhat.com/show_bug.cgi?id=2132793	external
https://bugzilla.redhat.com/show_bug.cgi?id=2132932	external
https://bugzilla.redhat.com/show_bug.cgi?id=2133540	external
https://bugzilla.redhat.com/show_bug.cgi?id=2133541	external
https://bugzilla.redhat.com/show_bug.cgi?id=2133542	external
https://bugzilla.redhat.com/show_bug.cgi?id=2133543	external
https://bugzilla.redhat.com/show_bug.cgi?id=2133655	external
https://bugzilla.redhat.com/show_bug.cgi?id=2133656	external
https://bugzilla.redhat.com/show_bug.cgi?id=2133659	external
https://bugzilla.redhat.com/show_bug.cgi?id=2133660	external
https://bugzilla.redhat.com/show_bug.cgi?id=2134123	external
https://bugzilla.redhat.com/show_bug.cgi?id=2134672	external
https://bugzilla.redhat.com/show_bug.cgi?id=2134825	external
https://bugzilla.redhat.com/show_bug.cgi?id=2135805	external
https://bugzilla.redhat.com/show_bug.cgi?id=2136051	external
https://bugzilla.redhat.com/show_bug.cgi?id=2136425	external
https://bugzilla.redhat.com/show_bug.cgi?id=2136534	external
https://bugzilla.redhat.com/show_bug.cgi?id=2137123	external
https://bugzilla.redhat.com/show_bug.cgi?id=2137241	external
https://bugzilla.redhat.com/show_bug.cgi?id=2137243	external
https://bugzilla.redhat.com/show_bug.cgi?id=2137349	external
https://bugzilla.redhat.com/show_bug.cgi?id=2137591	external
https://bugzilla.redhat.com/show_bug.cgi?id=2137731	external
https://bugzilla.redhat.com/show_bug.cgi?id=2137733	external
https://bugzilla.redhat.com/show_bug.cgi?id=2137736	external
https://bugzilla.redhat.com/show_bug.cgi?id=2137896	external
https://bugzilla.redhat.com/show_bug.cgi?id=2138112	external
https://bugzilla.redhat.com/show_bug.cgi?id=2138119	external
https://bugzilla.redhat.com/show_bug.cgi?id=2138199	external
https://bugzilla.redhat.com/show_bug.cgi?id=2138653	external
https://bugzilla.redhat.com/show_bug.cgi?id=2138657	external
https://bugzilla.redhat.com/show_bug.cgi?id=2138664	external
https://bugzilla.redhat.com/show_bug.cgi?id=2139257	external
https://bugzilla.redhat.com/show_bug.cgi?id=2139260	external
https://bugzilla.redhat.com/show_bug.cgi?id=2139293	external
https://bugzilla.redhat.com/show_bug.cgi?id=2139296	external
https://bugzilla.redhat.com/show_bug.cgi?id=2139299	external
https://bugzilla.redhat.com/show_bug.cgi?id=2139306	external
https://bugzilla.redhat.com/show_bug.cgi?id=2139479	external
https://bugzilla.redhat.com/show_bug.cgi?id=2139574	external
https://bugzilla.redhat.com/show_bug.cgi?id=2139651	external
https://bugzilla.redhat.com/show_bug.cgi?id=2139687	external
https://bugzilla.redhat.com/show_bug.cgi?id=2139738	external
https://bugzilla.redhat.com/show_bug.cgi?id=2139820	external
https://bugzilla.redhat.com/show_bug.cgi?id=2140117	external
https://bugzilla.redhat.com/show_bug.cgi?id=2140521	external
https://bugzilla.redhat.com/show_bug.cgi?id=2140534	external
https://bugzilla.redhat.com/show_bug.cgi?id=2140627	external
https://bugzilla.redhat.com/show_bug.cgi?id=2140730	external
https://bugzilla.redhat.com/show_bug.cgi?id=2140808	external
https://bugzilla.redhat.com/show_bug.cgi?id=2140977	external
https://bugzilla.redhat.com/show_bug.cgi?id=2140982	external
https://bugzilla.redhat.com/show_bug.cgi?id=2140998	external
https://bugzilla.redhat.com/show_bug.cgi?id=2141089	external
https://bugzilla.redhat.com/show_bug.cgi?id=2141302	external
https://bugzilla.redhat.com/show_bug.cgi?id=2141399	external
https://bugzilla.redhat.com/show_bug.cgi?id=2141494	external
https://bugzilla.redhat.com/show_bug.cgi?id=2141654	external
https://bugzilla.redhat.com/show_bug.cgi?id=2141711	external
https://bugzilla.redhat.com/show_bug.cgi?id=2142468	external
https://bugzilla.redhat.com/show_bug.cgi?id=2142470	external
https://bugzilla.redhat.com/show_bug.cgi?id=2142511	external
https://bugzilla.redhat.com/show_bug.cgi?id=2142647	external
https://bugzilla.redhat.com/show_bug.cgi?id=2142891	external
https://bugzilla.redhat.com/show_bug.cgi?id=2142929	external
https://bugzilla.redhat.com/show_bug.cgi?id=2143268	external
https://bugzilla.redhat.com/show_bug.cgi?id=2143498	external
https://bugzilla.redhat.com/show_bug.cgi?id=2143964	external
https://bugzilla.redhat.com/show_bug.cgi?id=2144580	external
https://bugzilla.redhat.com/show_bug.cgi?id=2144828	external
https://bugzilla.redhat.com/show_bug.cgi?id=2144839	external
https://bugzilla.redhat.com/show_bug.cgi?id=2153849	external
https://bugzilla.redhat.com/show_bug.cgi?id=2155757	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2021-38561	self
https://bugzilla.redhat.com/show_bug.cgi?id=2100495	external
https://www.cve.org/CVERecord?id=CVE-2021-38561	external
https://nvd.nist.gov/vuln/detail/CVE-2021-38561	external
https://pkg.go.dev/vuln/GO-2021-0113	external
https://access.redhat.com/security/cve/CVE-2021-44716	self
https://bugzilla.redhat.com/show_bug.cgi?id=2030801	external
https://www.cve.org/CVERecord?id=CVE-2021-44716	external
https://nvd.nist.gov/vuln/detail/CVE-2021-44716	external
https://groups.google.com/g/golang-announce/c/hcm…	external
https://access.redhat.com/security/cve/CVE-2021-44717	self
https://bugzilla.redhat.com/show_bug.cgi?id=2030806	external
https://www.cve.org/CVERecord?id=CVE-2021-44717	external
https://nvd.nist.gov/vuln/detail/CVE-2021-44717	external
https://access.redhat.com/security/cve/CVE-2022-1705	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107374	external
https://www.cve.org/CVERecord?id=CVE-2022-1705	external
https://nvd.nist.gov/vuln/detail/CVE-2022-1705	external
https://go.dev/issue/53188	external
https://groups.google.com/g/golang-announce/c/nqr…	external
https://access.redhat.com/security/cve/CVE-2022-1798	self
https://bugzilla.redhat.com/show_bug.cgi?id=2117872	external
https://www.cve.org/CVERecord?id=CVE-2022-1798	external
https://nvd.nist.gov/vuln/detail/CVE-2022-1798	external
https://github.com/google/security-research/secur…	external
https://access.redhat.com/security/cve/CVE-2022-1962	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107376	external
https://www.cve.org/CVERecord?id=CVE-2022-1962	external
https://nvd.nist.gov/vuln/detail/CVE-2022-1962	external
https://go.dev/issue/53616	external
https://access.redhat.com/security/cve/CVE-2022-23772	self
https://bugzilla.redhat.com/show_bug.cgi?id=2053532	external
https://www.cve.org/CVERecord?id=CVE-2022-23772	external
https://nvd.nist.gov/vuln/detail/CVE-2022-23772	external
https://groups.google.com/g/golang-announce/c/SUs…	external
https://access.redhat.com/security/cve/CVE-2022-23773	self
https://bugzilla.redhat.com/show_bug.cgi?id=2053541	external
https://www.cve.org/CVERecord?id=CVE-2022-23773	external
https://nvd.nist.gov/vuln/detail/CVE-2022-23773	external
https://access.redhat.com/security/cve/CVE-2022-23806	self
https://bugzilla.redhat.com/show_bug.cgi?id=2053429	external
https://www.cve.org/CVERecord?id=CVE-2022-23806	external
https://nvd.nist.gov/vuln/detail/CVE-2022-23806	external
https://access.redhat.com/security/cve/CVE-2022-28131	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107390	external
https://www.cve.org/CVERecord?id=CVE-2022-28131	external
https://nvd.nist.gov/vuln/detail/CVE-2022-28131	external
https://go.dev/issue/53614	external
https://access.redhat.com/security/cve/CVE-2022-29526	self
https://bugzilla.redhat.com/show_bug.cgi?id=2084085	external
https://www.cve.org/CVERecord?id=CVE-2022-29526	external
https://nvd.nist.gov/vuln/detail/CVE-2022-29526	external
https://groups.google.com/g/golang-announce/c/Y5q…	external
https://access.redhat.com/security/cve/CVE-2022-30629	self
https://bugzilla.redhat.com/show_bug.cgi?id=2092793	external
https://www.cve.org/CVERecord?id=CVE-2022-30629	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30629	external
https://groups.google.com/g/golang-announce/c/TzI…	external
https://access.redhat.com/security/cve/CVE-2022-30630	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107371	external
https://www.cve.org/CVERecord?id=CVE-2022-30630	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30630	external
https://go.dev/issue/53415	external
https://access.redhat.com/security/cve/CVE-2022-30631	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107342	external
https://www.cve.org/CVERecord?id=CVE-2022-30631	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30631	external
https://go.dev/issue/53168	external
https://access.redhat.com/security/cve/CVE-2022-30632	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107386	external
https://www.cve.org/CVERecord?id=CVE-2022-30632	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30632	external
https://go.dev/issue/53416	external
https://access.redhat.com/security/cve/CVE-2022-30633	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107392	external
https://www.cve.org/CVERecord?id=CVE-2022-30633	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30633	external
https://go.dev/issue/53611	external
https://access.redhat.com/security/cve/CVE-2022-30635	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107388	external
https://www.cve.org/CVERecord?id=CVE-2022-30635	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30635	external
https://go.dev/issue/53615	external
https://access.redhat.com/security/cve/CVE-2022-32148	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107383	external
https://www.cve.org/CVERecord?id=CVE-2022-32148	external
https://nvd.nist.gov/vuln/detail/CVE-2022-32148	external
https://go.dev/issue/53423	external

Acknowledgments

NCC Group Oliver Brooks and James Klopchic

Joël Gähwiler

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images:\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nRHEL-8-CNV-4.12\n\n==============\n\nbridge-marker-container-v4.12.0-24\ncluster-network-addons-operator-container-v4.12.0-24\ncnv-containernetworking-plugins-container-v4.12.0-24\ncnv-must-gather-container-v4.12.0-58\nhco-bundle-registry-container-v4.12.0-769\nhostpath-csi-driver-container-v4.12.0-30\nhostpath-provisioner-container-v4.12.0-30\nhostpath-provisioner-operator-container-v4.12.0-31\nhyperconverged-cluster-operator-container-v4.12.0-96\nhyperconverged-cluster-webhook-container-v4.12.0-96\nkubemacpool-container-v4.12.0-24\nkubevirt-console-plugin-container-v4.12.0-182\nkubevirt-ssp-operator-container-v4.12.0-64\nkubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55\nkubevirt-tekton-tasks-copy-template-container-v4.12.0-55\nkubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55\nkubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55\nkubevirt-tekton-tasks-operator-container-v4.12.0-40\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55\nkubevirt-template-validator-container-v4.12.0-32\nlibguestfs-tools-container-v4.12.0-255\novs-cni-marker-container-v4.12.0-24\novs-cni-plugin-container-v4.12.0-24\nvirt-api-container-v4.12.0-255\nvirt-artifacts-server-container-v4.12.0-255\nvirt-cdi-apiserver-container-v4.12.0-72\nvirt-cdi-cloner-container-v4.12.0-72\nvirt-cdi-controller-container-v4.12.0-72\nvirt-cdi-importer-container-v4.12.0-72\nvirt-cdi-operator-container-v4.12.0-72\nvirt-cdi-uploadproxy-container-v4.12.0-71\nvirt-cdi-uploadserver-container-v4.12.0-72\nvirt-controller-container-v4.12.0-255\nvirt-exportproxy-container-v4.12.0-255\nvirt-exportserver-container-v4.12.0-255\nvirt-handler-container-v4.12.0-255\nvirt-launcher-container-v4.12.0-255\nvirt-operator-container-v4.12.0-255\nvirtio-win-container-v4.12.0-10\nvm-network-latency-checkup-container-v4.12.0-89",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:0408",
        "url": "https://access.redhat.com/errata/RHSA-2023:0408"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1719190",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1719190"
      },
      {
        "category": "external",
        "summary": "2023393",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023393"
      },
      {
        "category": "external",
        "summary": "2030801",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
      },
      {
        "category": "external",
        "summary": "2030806",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
      },
      {
        "category": "external",
        "summary": "2040377",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040377"
      },
      {
        "category": "external",
        "summary": "2046298",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2046298"
      },
      {
        "category": "external",
        "summary": "2052556",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052556"
      },
      {
        "category": "external",
        "summary": "2053429",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
      },
      {
        "category": "external",
        "summary": "2053532",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
      },
      {
        "category": "external",
        "summary": "2053541",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
      },
      {
        "category": "external",
        "summary": "2060499",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060499"
      },
      {
        "category": "external",
        "summary": "2069098",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069098"
      },
      {
        "category": "external",
        "summary": "2070366",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070366"
      },
      {
        "category": "external",
        "summary": "2071491",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071491"
      },
      {
        "category": "external",
        "summary": "2072797",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072797"
      },
      {
        "category": "external",
        "summary": "2072821",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072821"
      },
      {
        "category": "external",
        "summary": "2079916",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079916"
      },
      {
        "category": "external",
        "summary": "2084085",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
      },
      {
        "category": "external",
        "summary": "2086285",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086285"
      },
      {
        "category": "external",
        "summary": "2086551",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086551"
      },
      {
        "category": "external",
        "summary": "2087724",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087724"
      },
      {
        "category": "external",
        "summary": "2088129",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088129"
      },
      {
        "category": "external",
        "summary": "2088464",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088464"
      },
      {
        "category": "external",
        "summary": "2089391",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089391"
      },
      {
        "category": "external",
        "summary": "2089744",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089744"
      },
      {
        "category": "external",
        "summary": "2089751",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089751"
      },
      {
        "category": "external",
        "summary": "2089804",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089804"
      },
      {
        "category": "external",
        "summary": "2091856",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091856"
      },
      {
        "category": "external",
        "summary": "2092793",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
      },
      {
        "category": "external",
        "summary": "2092796",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092796"
      },
      {
        "category": "external",
        "summary": "2093771",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093771"
      },
      {
        "category": "external",
        "summary": "2093996",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093996"
      },
      {
        "category": "external",
        "summary": "2094202",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094202"
      },
      {
        "category": "external",
        "summary": "2096285",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096285"
      },
      {
        "category": "external",
        "summary": "2096780",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096780"
      },
      {
        "category": "external",
        "summary": "2097436",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097436"
      },
      {
        "category": "external",
        "summary": "2097586",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097586"
      },
      {
        "category": "external",
        "summary": "2099556",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099556"
      },
      {
        "category": "external",
        "summary": "2099573",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099573"
      },
      {
        "category": "external",
        "summary": "2099923",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099923"
      },
      {
        "category": "external",
        "summary": "2100290",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100290"
      },
      {
        "category": "external",
        "summary": "2100436",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100436"
      },
      {
        "category": "external",
        "summary": "2100442",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100442"
      },
      {
        "category": "external",
        "summary": "2100495",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495"
      },
      {
        "category": "external",
        "summary": "2100629",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100629"
      },
      {
        "category": "external",
        "summary": "2100679",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100679"
      },
      {
        "category": "external",
        "summary": "2100682",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100682"
      },
      {
        "category": "external",
        "summary": "2100684",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100684"
      },
      {
        "category": "external",
        "summary": "2101144",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101144"
      },
      {
        "category": "external",
        "summary": "2101164",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101164"
      },
      {
        "category": "external",
        "summary": "2101167",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101167"
      },
      {
        "category": "external",
        "summary": "2101333",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101333"
      },
      {
        "category": "external",
        "summary": "2101335",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101335"
      },
      {
        "category": "external",
        "summary": "2101390",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101390"
      },
      {
        "category": "external",
        "summary": "2101394",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101394"
      },
      {
        "category": "external",
        "summary": "2101423",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101423"
      },
      {
        "category": "external",
        "summary": "2101430",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101430"
      },
      {
        "category": "external",
        "summary": "2101445",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101445"
      },
      {
        "category": "external",
        "summary": "2101454",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101454"
      },
      {
        "category": "external",
        "summary": "2101499",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101499"
      },
      {
        "category": "external",
        "summary": "2101501",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101501"
      },
      {
        "category": "external",
        "summary": "2101628",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101628"
      },
      {
        "category": "external",
        "summary": "2101667",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101667"
      },
      {
        "category": "external",
        "summary": "2101681",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101681"
      },
      {
        "category": "external",
        "summary": "2102074",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102074"
      },
      {
        "category": "external",
        "summary": "2102125",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102125"
      },
      {
        "category": "external",
        "summary": "2102132",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102132"
      },
      {
        "category": "external",
        "summary": "2102138",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102138"
      },
      {
        "category": "external",
        "summary": "2102256",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102256"
      },
      {
        "category": "external",
        "summary": "2102448",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102448"
      },
      {
        "category": "external",
        "summary": "2102475",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102475"
      },
      {
        "category": "external",
        "summary": "2102561",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102561"
      },
      {
        "category": "external",
        "summary": "2102737",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102737"
      },
      {
        "category": "external",
        "summary": "2102740",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102740"
      },
      {
        "category": "external",
        "summary": "2103806",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103806"
      },
      {
        "category": "external",
        "summary": "2103807",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103807"
      },
      {
        "category": "external",
        "summary": "2103817",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103817"
      },
      {
        "category": "external",
        "summary": "2103844",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103844"
      },
      {
        "category": "external",
        "summary": "2104331",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104331"
      },
      {
        "category": "external",
        "summary": "2104402",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104402"
      },
      {
        "category": "external",
        "summary": "2104422",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104422"
      },
      {
        "category": "external",
        "summary": "2104424",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104424"
      },
      {
        "category": "external",
        "summary": "2104479",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104479"
      },
      {
        "category": "external",
        "summary": "2104480",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104480"
      },
      {
        "category": "external",
        "summary": "2104785",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104785"
      },
      {
        "category": "external",
        "summary": "2104859",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104859"
      },
      {
        "category": "external",
        "summary": "2105257",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105257"
      },
      {
        "category": "external",
        "summary": "2106175",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2106175"
      },
      {
        "category": "external",
        "summary": "2106963",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2106963"
      },
      {
        "category": "external",
        "summary": "2107279",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107279"
      },
      {
        "category": "external",
        "summary": "2107342",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
      },
      {
        "category": "external",
        "summary": "2107371",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
      },
      {
        "category": "external",
        "summary": "2107374",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
      },
      {
        "category": "external",
        "summary": "2107376",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
      },
      {
        "category": "external",
        "summary": "2107383",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
      },
      {
        "category": "external",
        "summary": "2107386",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
      },
      {
        "category": "external",
        "summary": "2107388",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
      },
      {
        "category": "external",
        "summary": "2107390",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
      },
      {
        "category": "external",
        "summary": "2107392",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
      },
      {
        "category": "external",
        "summary": "2108339",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108339"
      },
      {
        "category": "external",
        "summary": "2108638",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108638"
      },
      {
        "category": "external",
        "summary": "2109818",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2109818"
      },
      {
        "category": "external",
        "summary": "2109975",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2109975"
      },
      {
        "category": "external",
        "summary": "2110256",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110256"
      },
      {
        "category": "external",
        "summary": "2110562",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110562"
      },
      {
        "category": "external",
        "summary": "2111240",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111240"
      },
      {
        "category": "external",
        "summary": "2111292",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111292"
      },
      {
        "category": "external",
        "summary": "2111328",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111328"
      },
      {
        "category": "external",
        "summary": "2111378",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111378"
      },
      {
        "category": "external",
        "summary": "2111744",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111744"
      },
      {
        "category": "external",
        "summary": "2111794",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111794"
      },
      {
        "category": "external",
        "summary": "2112900",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112900"
      },
      {
        "category": "external",
        "summary": "2114516",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2114516"
      },
      {
        "category": "external",
        "summary": "2114636",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2114636"
      },
      {
        "category": "external",
        "summary": "2114683",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2114683"
      },
      {
        "category": "external",
        "summary": "2115257",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115257"
      },
      {
        "category": "external",
        "summary": "2115258",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115258"
      },
      {
        "category": "external",
        "summary": "2115280",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115280"
      },
      {
        "category": "external",
        "summary": "2115769",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115769"
      },
      {
        "category": "external",
        "summary": "2116225",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116225"
      },
      {
        "category": "external",
        "summary": "2116644",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116644"
      },
      {
        "category": "external",
        "summary": "2117549",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117549"
      },
      {
        "category": "external",
        "summary": "2117803",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117803"
      },
      {
        "category": "external",
        "summary": "2117813",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117813"
      },
      {
        "category": "external",
        "summary": "2117872",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872"
      },
      {
        "category": "external",
        "summary": "2118257",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118257"
      },
      {
        "category": "external",
        "summary": "2118823",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118823"
      },
      {
        "category": "external",
        "summary": "2119069",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119069"
      },
      {
        "category": "external",
        "summary": "2119128",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119128"
      },
      {
        "category": "external",
        "summary": "2119309",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119309"
      },
      {
        "category": "external",
        "summary": "2119615",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119615"
      },
      {
        "category": "external",
        "summary": "2120907",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120907"
      },
      {
        "category": "external",
        "summary": "2121320",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2121320"
      },
      {
        "category": "external",
        "summary": "2122236",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122236"
      },
      {
        "category": "external",
        "summary": "2122990",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122990"
      },
      {
        "category": "external",
        "summary": "2124147",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124147"
      },
      {
        "category": "external",
        "summary": "2124307",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124307"
      },
      {
        "category": "external",
        "summary": "2124528",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124528"
      },
      {
        "category": "external",
        "summary": "2124555",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124555"
      },
      {
        "category": "external",
        "summary": "2124557",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124557"
      },
      {
        "category": "external",
        "summary": "2124558",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124558"
      },
      {
        "category": "external",
        "summary": "2124565",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124565"
      },
      {
        "category": "external",
        "summary": "2124572",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124572"
      },
      {
        "category": "external",
        "summary": "2124582",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124582"
      },
      {
        "category": "external",
        "summary": "2124594",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124594"
      },
      {
        "category": "external",
        "summary": "2124597",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124597"
      },
      {
        "category": "external",
        "summary": "2126104",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126104"
      },
      {
        "category": "external",
        "summary": "2126397",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126397"
      },
      {
        "category": "external",
        "summary": "2127787",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127787"
      },
      {
        "category": "external",
        "summary": "2127843",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127843"
      },
      {
        "category": "external",
        "summary": "2127931",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127931"
      },
      {
        "category": "external",
        "summary": "2127947",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127947"
      },
      {
        "category": "external",
        "summary": "2128002",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128002"
      },
      {
        "category": "external",
        "summary": "2128107",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128107"
      },
      {
        "category": "external",
        "summary": "2128872",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128872"
      },
      {
        "category": "external",
        "summary": "2128948",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128948"
      },
      {
        "category": "external",
        "summary": "2128949",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128949"
      },
      {
        "category": "external",
        "summary": "2128997",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128997"
      },
      {
        "category": "external",
        "summary": "2129013",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129013"
      },
      {
        "category": "external",
        "summary": "2129234",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129234"
      },
      {
        "category": "external",
        "summary": "2129301",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129301"
      },
      {
        "category": "external",
        "summary": "2129870",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129870"
      },
      {
        "category": "external",
        "summary": "2130509",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130509"
      },
      {
        "category": "external",
        "summary": "2130588",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130588"
      },
      {
        "category": "external",
        "summary": "2130695",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130695"
      },
      {
        "category": "external",
        "summary": "2130909",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130909"
      },
      {
        "category": "external",
        "summary": "2131157",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131157"
      },
      {
        "category": "external",
        "summary": "2131165",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131165"
      },
      {
        "category": "external",
        "summary": "2131674",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131674"
      },
      {
        "category": "external",
        "summary": "2132031",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132031"
      },
      {
        "category": "external",
        "summary": "2132682",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132682"
      },
      {
        "category": "external",
        "summary": "2132721",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132721"
      },
      {
        "category": "external",
        "summary": "2132744",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132744"
      },
      {
        "category": "external",
        "summary": "2132746",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132746"
      },
      {
        "category": "external",
        "summary": "2132783",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132783"
      },
      {
        "category": "external",
        "summary": "2132793",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132793"
      },
      {
        "category": "external",
        "summary": "2132932",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132932"
      },
      {
        "category": "external",
        "summary": "2133540",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133540"
      },
      {
        "category": "external",
        "summary": "2133541",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133541"
      },
      {
        "category": "external",
        "summary": "2133542",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133542"
      },
      {
        "category": "external",
        "summary": "2133543",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133543"
      },
      {
        "category": "external",
        "summary": "2133655",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133655"
      },
      {
        "category": "external",
        "summary": "2133656",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133656"
      },
      {
        "category": "external",
        "summary": "2133659",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133659"
      },
      {
        "category": "external",
        "summary": "2133660",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133660"
      },
      {
        "category": "external",
        "summary": "2134123",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134123"
      },
      {
        "category": "external",
        "summary": "2134672",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134672"
      },
      {
        "category": "external",
        "summary": "2134825",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134825"
      },
      {
        "category": "external",
        "summary": "2135805",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135805"
      },
      {
        "category": "external",
        "summary": "2136051",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136051"
      },
      {
        "category": "external",
        "summary": "2136425",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136425"
      },
      {
        "category": "external",
        "summary": "2136534",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136534"
      },
      {
        "category": "external",
        "summary": "2137123",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137123"
      },
      {
        "category": "external",
        "summary": "2137241",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137241"
      },
      {
        "category": "external",
        "summary": "2137243",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137243"
      },
      {
        "category": "external",
        "summary": "2137349",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137349"
      },
      {
        "category": "external",
        "summary": "2137591",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137591"
      },
      {
        "category": "external",
        "summary": "2137731",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137731"
      },
      {
        "category": "external",
        "summary": "2137733",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137733"
      },
      {
        "category": "external",
        "summary": "2137736",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137736"
      },
      {
        "category": "external",
        "summary": "2137896",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137896"
      },
      {
        "category": "external",
        "summary": "2138112",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138112"
      },
      {
        "category": "external",
        "summary": "2138119",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138119"
      },
      {
        "category": "external",
        "summary": "2138199",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138199"
      },
      {
        "category": "external",
        "summary": "2138653",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138653"
      },
      {
        "category": "external",
        "summary": "2138657",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138657"
      },
      {
        "category": "external",
        "summary": "2138664",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138664"
      },
      {
        "category": "external",
        "summary": "2139257",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139257"
      },
      {
        "category": "external",
        "summary": "2139260",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139260"
      },
      {
        "category": "external",
        "summary": "2139293",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139293"
      },
      {
        "category": "external",
        "summary": "2139296",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139296"
      },
      {
        "category": "external",
        "summary": "2139299",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139299"
      },
      {
        "category": "external",
        "summary": "2139306",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139306"
      },
      {
        "category": "external",
        "summary": "2139479",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139479"
      },
      {
        "category": "external",
        "summary": "2139574",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139574"
      },
      {
        "category": "external",
        "summary": "2139651",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139651"
      },
      {
        "category": "external",
        "summary": "2139687",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139687"
      },
      {
        "category": "external",
        "summary": "2139738",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139738"
      },
      {
        "category": "external",
        "summary": "2139820",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139820"
      },
      {
        "category": "external",
        "summary": "2140117",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140117"
      },
      {
        "category": "external",
        "summary": "2140521",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140521"
      },
      {
        "category": "external",
        "summary": "2140534",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140534"
      },
      {
        "category": "external",
        "summary": "2140627",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140627"
      },
      {
        "category": "external",
        "summary": "2140730",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140730"
      },
      {
        "category": "external",
        "summary": "2140808",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140808"
      },
      {
        "category": "external",
        "summary": "2140977",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140977"
      },
      {
        "category": "external",
        "summary": "2140982",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140982"
      },
      {
        "category": "external",
        "summary": "2140998",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140998"
      },
      {
        "category": "external",
        "summary": "2141089",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141089"
      },
      {
        "category": "external",
        "summary": "2141302",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141302"
      },
      {
        "category": "external",
        "summary": "2141399",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141399"
      },
      {
        "category": "external",
        "summary": "2141494",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141494"
      },
      {
        "category": "external",
        "summary": "2141654",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141654"
      },
      {
        "category": "external",
        "summary": "2141711",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141711"
      },
      {
        "category": "external",
        "summary": "2142468",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142468"
      },
      {
        "category": "external",
        "summary": "2142470",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142470"
      },
      {
        "category": "external",
        "summary": "2142511",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142511"
      },
      {
        "category": "external",
        "summary": "2142647",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142647"
      },
      {
        "category": "external",
        "summary": "2142891",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142891"
      },
      {
        "category": "external",
        "summary": "2142929",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142929"
      },
      {
        "category": "external",
        "summary": "2143268",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143268"
      },
      {
        "category": "external",
        "summary": "2143498",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143498"
      },
      {
        "category": "external",
        "summary": "2143964",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143964"
      },
      {
        "category": "external",
        "summary": "2144580",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144580"
      },
      {
        "category": "external",
        "summary": "2144828",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144828"
      },
      {
        "category": "external",
        "summary": "2144839",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144839"
      },
      {
        "category": "external",
        "summary": "2153849",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153849"
      },
      {
        "category": "external",
        "summary": "2155757",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155757"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0408.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Virtualization 4.12.0 Images security update",
    "tracking": {
      "current_release_date": "2024-12-17T22:08:25+00:00",
      "generator": {
        "date": "2024-12-17T22:08:25+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2023:0408",
      "initial_release_date": "2023-01-25T11:11:29+00:00",
      "revision_history": [
        {
          "date": "2023-01-25T11:11:29+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-01-25T11:11:29+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-17T22:08:25+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "CNV 4.12 for RHEL 8",
                "product": {
                  "name": "CNV 4.12 for RHEL 8",
                  "product_id": "8Base-CNV-4.12",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:container_native_virtualization:4.12::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "OpenShift Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
                "product": {
                  "name": "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
                  "product_id": "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/bridge-marker\u0026tag=v4.12.0-24"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
                "product": {
                  "name": "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
                  "product_id": "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator\u0026tag=v4.12.0-24"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
                "product": {
                  "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
                  "product_id": "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins\u0026tag=v4.12.0-24"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
                "product": {
                  "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
                  "product_id": "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8\u0026tag=v4.12.0-58"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
                "product": {
                  "name": "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
                  "product_id": "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry\u0026tag=v4.12.0-769"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
                "product": {
                  "name": "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
                  "product_id": "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver\u0026tag=v4.12.0-30"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
                "product": {
                  "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
                  "product_id": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8\u0026tag=v4.12.0-30"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
                "product": {
                  "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
                  "product_id": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator\u0026tag=v4.12.0-31"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
                "product": {
                  "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
                  "product_id": "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator\u0026tag=v4.12.0-96"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
                "product": {
                  "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
                  "product_id": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8\u0026tag=v4.12.0-96"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
                "product": {
                  "name": "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
                  "product_id": "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubemacpool\u0026tag=v4.12.0-24"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
                  "product_id": "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-console-plugin\u0026tag=v4.12.0-182"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
                  "product_id": "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator\u0026tag=v4.12.0-64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm\u0026tag=v4.12.0-55"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-copy-template\u0026tag=v4.12.0-55"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-datavolume\u0026tag=v4.12.0-55"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template\u0026tag=v4.12.0-55"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize\u0026tag=v4.12.0-55"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep\u0026tag=v4.12.0-55"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template\u0026tag=v4.12.0-55"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-operator\u0026tag=v4.12.0-40"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status\u0026tag=v4.12.0-55"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
                  "product_id": "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator\u0026tag=v4.12.0-32"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
                "product": {
                  "name": "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
                  "product_id": "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools\u0026tag=v4.12.0-255"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
                "product": {
                  "name": "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
                  "product_id": "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker\u0026tag=v4.12.0-24"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
                "product": {
                  "name": "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
                  "product_id": "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin\u0026tag=v4.12.0-24"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
                  "product_id": "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-api\u0026tag=v4.12.0-255"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
                  "product_id": "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server\u0026tag=v4.12.0-255"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
                  "product_id": "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver\u0026tag=v4.12.0-72"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
                  "product_id": "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner\u0026tag=v4.12.0-72"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
                  "product_id": "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller\u0026tag=v4.12.0-72"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
                  "product_id": "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer\u0026tag=v4.12.0-72"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
                  "product_id": "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator\u0026tag=v4.12.0-72"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
                  "product_id": "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy\u0026tag=v4.12.0-71"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
                  "product_id": "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver\u0026tag=v4.12.0-72"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
                  "product_id": "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-controller\u0026tag=v4.12.0-255"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
                  "product_id": "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-exportproxy\u0026tag=v4.12.0-255"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
                  "product_id": "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-exportserver\u0026tag=v4.12.0-255"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
                  "product_id": "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-handler\u0026tag=v4.12.0-255"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
                "product": {
                  "name": "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
                  "product_id": "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virtio-win\u0026tag=v4.12.0-10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
                  "product_id": "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-launcher\u0026tag=v4.12.0-255"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
                  "product_id": "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-operator\u0026tag=v4.12.0-255"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64",
                "product": {
                  "name": "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64",
                  "product_id": "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-network-latency-checkup\u0026tag=v4.12.0-89"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64"
        },
        "product_reference": "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64"
        },
        "product_reference": "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64"
        },
        "product_reference": "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64"
        },
        "product_reference": "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64"
        },
        "product_reference": "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64"
        },
        "product_reference": "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64"
        },
        "product_reference": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64"
        },
        "product_reference": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64"
        },
        "product_reference": "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64"
        },
        "product_reference": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64"
        },
        "product_reference": "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64"
        },
        "product_reference": "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64"
        },
        "product_reference": "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64"
        },
        "product_reference": "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
        },
        "product_reference": "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64"
        },
        "product_reference": "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64"
        },
        "product_reference": "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64"
        },
        "product_reference": "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64"
        },
        "product_reference": "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64"
        },
        "product_reference": "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64"
        },
        "product_reference": "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64"
        },
        "product_reference": "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64"
        },
        "product_reference": "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64"
        },
        "product_reference": "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64"
        },
        "product_reference": "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64"
        },
        "product_reference": "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64"
        },
        "product_reference": "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64"
        },
        "product_reference": "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
        },
        "product_reference": "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64"
        },
        "product_reference": "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 as a component of CNV 4.12 for RHEL 8",
          "product_id": "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        },
        "product_reference": "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64",
        "relates_to_product_reference": "8Base-CNV-4.12"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-38561",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2022-06-23T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2100495"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw may be triggered only by accepting untrusted user input to the vulnerable golang\u0027s library. The overall DoS attack vector depends directly on how the library\u0027s input is exposed by the consuming application, thus Red Hat rates impact as Moderate.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) 2.5 version, the registration-operator, lighthouse-coredns, lighthouse-agent, gatekeeper-operator, and discovery-operator components are affected by this flaw, but the rest of the components are using an already patched version and are unaffected. For 2.4 and previous versions of Red Hat Advanced Cluster Management for Kubernetes (RHACM), most of the components are affected.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-38561"
        },
        {
          "category": "external",
          "summary": "RHBZ#2100495",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-38561",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-38561"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2021-0113",
          "url": "https://pkg.go.dev/vuln/GO-2021-0113"
        }
      ],
      "release_date": "2021-08-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS"
    },
    {
      "cve": "CVE-2021-44716",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-12-09T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2030801"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "There\u0027s an uncontrolled resource consumption flaw in golang\u0027s net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http\u0027s http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/http: limit growth of header canonicalization cache",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For OpenShift Container Platform, OpenShift Virtualization, Red Hat Quay and OpenShift distributed tracing the most an attacker can possibly achieve by exploiting this vulnerability is to crash a container, temporarily impacting availability of one or more services. Therefore impact is rated Moderate.\n\nIn its default configuration, grafana as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability. However, enabling http2 in /etc/grafana/grafana.ini explicitly would render grafana affected, therefore grafana has been marked affected.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44716"
        },
        {
          "category": "external",
          "summary": "RHBZ#2030801",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44716",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
          "url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
        }
      ],
      "release_date": "2021-12-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        },
        {
          "category": "workaround",
          "details": "This flaw can be mitigated by disabling HTTP/2. Setting the GODEBUG=http2server=0 environment variable before calling Serve will disable HTTP/2 unless it was manually configured through the golang.org/x/net/http2 package.",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: net/http: limit growth of header canonicalization cache"
    },
    {
      "cve": "CVE-2021-44717",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-12-09T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2030806"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "There\u0027s a flaw in golang\u0027s syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: syscall: don\u0027t close fd 0 on ForkExec error",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "* This flaw has had the severity level set to Moderate due to the attack complexity required to exhaust file descriptors at the time ForkExec is called, plus an attacker does not necessarily have direct control over where/how data is leaked.\n\n* For Service Telemetry Framework, because the flaw\u0027s impact is lower, no update will be provided at this time for its containers.\n\n* runc shipped with Red Hat Enterprise Linux 8 and 9 are not affected by this flaw because the flaw is already patched in the shipped versions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44717"
        },
        {
          "category": "external",
          "summary": "RHBZ#2030806",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44717",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
          "url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
        }
      ],
      "release_date": "2021-12-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        },
        {
          "category": "workaround",
          "details": "This bug can be mitigated by raising the per-process file descriptor limit.",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: syscall: don\u0027t close fd 0 on ForkExec error"
    },
    {
      "cve": "CVE-2022-1705",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107374"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/http: improper sanitization of Transfer-Encoding header",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-1705"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107374",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53188",
          "url": "https://go.dev/issue/53188"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: net/http: improper sanitization of Transfer-Encoding header"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Oliver Brooks and James Klopchic"
          ],
          "organization": "NCC Group"
        }
      ],
      "cve": "CVE-2022-1798",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2022-08-12T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2117872"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-1798"
        },
        {
          "category": "external",
          "summary": "RHBZ#2117872",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1798",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-1798"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798"
        },
        {
          "category": "external",
          "summary": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm",
          "url": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm"
        }
      ],
      "release_date": "2022-08-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs"
    },
    {
      "cve": "CVE-2022-1962",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107376"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: go/parser: stack exhaustion in all Parse* functions",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-1962"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107376",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1962",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53616",
          "url": "https://go.dev/issue/53616"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: go/parser: stack exhaustion in all Parse* functions"
    },
    {
      "cve": "CVE-2022-23772",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2022-02-11T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2053532"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-23772"
        },
        {
          "category": "external",
          "summary": "RHBZ#2053532",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23772",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
          "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
        }
      ],
      "release_date": "2022-01-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString"
    },
    {
      "cve": "CVE-2022-23773",
      "cwe": {
        "id": "CWE-1220",
        "name": "Insufficient Granularity of Access Control"
      },
      "discovery_date": "2022-02-11T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2053541"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-23773"
        },
        {
          "category": "external",
          "summary": "RHBZ#2053541",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23773",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
          "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
        }
      ],
      "release_date": "2022-02-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control"
    },
    {
      "cve": "CVE-2022-23806",
      "cwe": {
        "id": "CWE-252",
        "name": "Unchecked Return Value"
      },
      "discovery_date": "2022-02-11T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2053429"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 8 and 9 are affected because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having a Moderate security impact. The issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16 \u0026 1.17), will not be addressed in future updates as shipped only in RHEL-7, hence, marked as Out-of-Support-Scope.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-23806"
        },
        {
          "category": "external",
          "summary": "RHBZ#2053429",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23806",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
          "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
        }
      ],
      "release_date": "2022-02-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements"
    },
    {
      "cve": "CVE-2022-28131",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107390"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: encoding/xml: stack exhaustion in Decoder.Skip",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-28131"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107390",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-28131",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53614",
          "url": "https://go.dev/issue/53614"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: encoding/xml: stack exhaustion in Decoder.Skip"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jo\u00ebl G\u00e4hwiler"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2022-29526",
      "cwe": {
        "id": "CWE-280",
        "name": "Improper Handling of Insufficient Permissions or Privileges "
      },
      "discovery_date": "2022-05-11T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2084085"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file\u0027s group, affecting system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: syscall: faccessat checks wrong group",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-29526"
        },
        {
          "category": "external",
          "summary": "RHBZ#2084085",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29526",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU",
          "url": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU"
        }
      ],
      "release_date": "2022-05-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: syscall: faccessat checks wrong group"
    },
    {
      "cve": "CVE-2022-30629",
      "cwe": {
        "id": "CWE-331",
        "name": "Insufficient Entropy"
      },
      "discovery_date": "2022-06-02T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2092793"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/tls: session tickets lack random ticket_age_add",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30629"
        },
        {
          "category": "external",
          "summary": "RHBZ#2092793",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg",
          "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg"
        }
      ],
      "release_date": "2022-06-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "golang: crypto/tls: session tickets lack random ticket_age_add"
    },
    {
      "cve": "CVE-2022-30630",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107371"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: io/fs: stack exhaustion in Glob",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30630"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107371",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53415",
          "url": "https://go.dev/issue/53415"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: io/fs: stack exhaustion in Glob"
    },
    {
      "cve": "CVE-2022-30631",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107342"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: compress/gzip: stack exhaustion in Reader.Read",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30631"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107342",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53168",
          "url": "https://go.dev/issue/53168"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: compress/gzip: stack exhaustion in Reader.Read"
    },
    {
      "cve": "CVE-2022-30632",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107386"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: path/filepath: stack exhaustion in Glob",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30632"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107386",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53416",
          "url": "https://go.dev/issue/53416"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: path/filepath: stack exhaustion in Glob"
    },
    {
      "cve": "CVE-2022-30633",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107392"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: encoding/xml: stack exhaustion in Unmarshal",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30633"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107392",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30633",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53611",
          "url": "https://go.dev/issue/53611"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: encoding/xml: stack exhaustion in Unmarshal"
    },
    {
      "cve": "CVE-2022-30635",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107388"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: encoding/gob: stack exhaustion in Decoder.Decode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30635"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107388",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53615",
          "url": "https://go.dev/issue/53615"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: encoding/gob: stack exhaustion in Decoder.Decode"
    },
    {
      "cve": "CVE-2022-32148",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107383"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
          "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
          "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
          "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
          "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
          "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
          "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
          "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-32148"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107383",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53423",
          "url": "https://go.dev/issue/53423"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-25T11:11:29+00:00",
          "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0408"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
            "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
            "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
            "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
            "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
            "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
            "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
            "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working"
    }
  ]
}

SSA-744259

Vulnerability from csaf_siemens - Published: 2023-02-14 00:00 - Updated: 2023-02-14 00:00

Summary

SSA-744259: Golang Vulnerabilities in Brownfield Connectivity - Gateway before V1.10.1

Notes

Summary: Siemens has released a new version for Brownfield Connectivity - Gateway that contains fixes for multiple vulnerabilities in the underlying Golang implementation. Successful exploitation of these vulnerabilities could lead to Denial of Service (DoS). Siemens has released an update for Brownfield Connectivity - Gateway and recommends to update to the latest version.

General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Terms of Use: Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.

CVE-2021-41771

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Brownfield Connectivity - Gateway Siemens / Brownfield Connectivity - Gateway		< V1.10	Vendor Fix

CVE-2021-41772

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Brownfield Connectivity - Gateway Siemens / Brownfield Connectivity - Gateway		< V1.10	Vendor Fix

CVE-2021-44716

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Brownfield Connectivity - Gateway Siemens / Brownfield Connectivity - Gateway		< V1.10	Vendor Fix

CVE-2021-44717

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C

CWE-668 - Exposure of Resource to Wrong Sphere

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Brownfield Connectivity - Gateway Siemens / Brownfield Connectivity - Gateway		< V1.10	Vendor Fix

CVE-2022-24675

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Brownfield Connectivity - Gateway Siemens / Brownfield Connectivity - Gateway		< V1.10	Vendor Fix
Brownfield Connectivity - Gateway Siemens / Brownfield Connectivity - Gateway		V1.10.1	Vendor Fix

CVE-2022-24921

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Brownfield Connectivity - Gateway Siemens / Brownfield Connectivity - Gateway		< V1.10	Vendor Fix

CVE-2022-27536

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-295 - Improper Certificate Validation

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Brownfield Connectivity - Gateway Siemens / Brownfield Connectivity - Gateway		< V1.10	Vendor Fix
Brownfield Connectivity - Gateway Siemens / Brownfield Connectivity - Gateway		V1.10.1	Vendor Fix

CVE-2022-28327

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Brownfield Connectivity - Gateway Siemens / Brownfield Connectivity - Gateway		< V1.10	Vendor Fix
Brownfield Connectivity - Gateway Siemens / Brownfield Connectivity - Gateway		V1.10.1	Vendor Fix

References

3 references

URL	Category
https://cert-portal.siemens.com/productcert/pdf/s…	self
https://cert-portal.siemens.com/productcert/txt/s…	self
https://cert-portal.siemens.com/productcert/csaf/…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
      "tlp": {
        "label": "WHITE"
      }
    },
    "notes": [
      {
        "category": "summary",
        "text": "Siemens has released a new version for Brownfield Connectivity - Gateway that contains fixes for multiple vulnerabilities in the underlying Golang implementation. Successful exploitation of these vulnerabilities could lead to Denial of Service (DoS).\n\nSiemens has released an update for Brownfield Connectivity - Gateway and recommends to update to the latest version.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-744259: Golang Vulnerabilities in Brownfield Connectivity - Gateway before V1.10.1 - PDF Version",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf"
      },
      {
        "category": "self",
        "summary": "SSA-744259: Golang Vulnerabilities in Brownfield Connectivity - Gateway before V1.10.1 - TXT Version",
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-744259.txt"
      },
      {
        "category": "self",
        "summary": "SSA-744259: Golang Vulnerabilities in Brownfield Connectivity - Gateway before V1.10.1 - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-744259.json"
      }
    ],
    "title": "SSA-744259: Golang Vulnerabilities in Brownfield Connectivity - Gateway before V1.10.1",
    "tracking": {
      "current_release_date": "2023-02-14T00:00:00Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-744259",
      "initial_release_date": "2023-02-14T00:00:00Z",
      "revision_history": [
        {
          "date": "2023-02-14T00:00:00Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c V1.10",
                "product": {
                  "name": "Brownfield Connectivity - Gateway",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version_range",
                "name": "V1.10.1",
                "product": {
                  "name": "Brownfield Connectivity - Gateway",
                  "product_id": "2"
                }
              }
            ],
            "category": "product_name",
            "name": "Brownfield Connectivity - Gateway"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-41771",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.11 or later version\nContact customer support to obtain the update \u003chttps://support.industry.siemens.com/cs/de/de/view/109801700\u003e",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2021-41771"
    },
    {
      "cve": "CVE-2021-41772",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.11 or later version\nContact customer support to obtain the update \u003chttps://support.industry.siemens.com/cs/de/de/view/109801700\u003e",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2021-41772"
    },
    {
      "cve": "CVE-2021-44716",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "summary",
          "text": "net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.11 or later version\nContact customer support to obtain the update \u003chttps://support.industry.siemens.com/cs/de/de/view/109801700\u003e",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2021-44716"
    },
    {
      "cve": "CVE-2021-44717",
      "cwe": {
        "id": "CWE-668",
        "name": "Exposure of Resource to Wrong Sphere"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.11 or later version\nContact customer support to obtain the update \u003chttps://support.industry.siemens.com/cs/de/de/view/109801700\u003e",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2021-44717"
    },
    {
      "cve": "CVE-2022-24675",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "summary",
          "text": "encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.11 or later version\nContact customer support to obtain the update \u003chttps://support.industry.siemens.com/cs/de/de/view/109801700\u003e",
          "product_ids": [
            "1",
            "2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2"
          ]
        }
      ],
      "title": "CVE-2022-24675"
    },
    {
      "cve": "CVE-2022-24921",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "summary",
          "text": "regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.11 or later version\nContact customer support to obtain the update \u003chttps://support.industry.siemens.com/cs/de/de/view/109801700\u003e",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-24921"
    },
    {
      "cve": "CVE-2022-27536",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.11 or later version\nContact customer support to obtain the update \u003chttps://support.industry.siemens.com/cs/de/de/view/109801700\u003e",
          "product_ids": [
            "1",
            "2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2"
          ]
        }
      ],
      "title": "CVE-2022-27536"
    },
    {
      "cve": "CVE-2022-28327",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.11 or later version\nContact customer support to obtain the update \u003chttps://support.industry.siemens.com/cs/de/de/view/109801700\u003e",
          "product_ids": [
            "1",
            "2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2"
          ]
        }
      ],
      "title": "CVE-2022-28327"
    }
  ]
}

SUSE-SU-2021:4169-1

Vulnerability from csaf_suse - Published: 2021-12-23 08:53 - Updated: 2021-12-23 08:53

Summary

Security update for go1.16

Severity

Moderate

Notes

Title of the patch: Security update for go1.16

Description of the patch: This update for go1.16 fixes the following issues: Updated to upstream version 1.16.12 to include security fixes to the compiler, syscall, runtime, the net/http, net/http/httptest, and time packages (bsc#1182345) - CVE-2021-44717: syscall: don't close fd 0 on ForkExec error (bsc#1193598). - CVE-2021-44716: net/http: limit growth of header canonicalization cache (bsc#1193597).

Patchnames: SUSE-2021-4169,SUSE-SLE-Module-Development-Tools-15-SP2-2021-4169,SUSE-SLE-Module-Development-Tools-15-SP3-2021-4169,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2021-4169,SUSE-SLE-Product-HPC-15-SP2-LTSS-2021-4169,SUSE-SLE-Product-SLES-15-SP2-BCL-2021-4169,SUSE-SLE-Product-SLES-15-SP2-LTSS-2021-4169,SUSE-SLE-Product-SLES_SAP-15-SP2-2021-4169,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2021-4169,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2021-4169,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2021-4169,SUSE-Storage-7-2021-4169

CVE-2021-44716

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 69 products

Product	Version	Remediation
Unresolved product id: SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-doc-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-race-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy 4.1:go1.16-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy 4.1:go1.16-doc-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy 4.1:go1.16-race-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.1:go1.16-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2021-44717

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 69 products

Product	Version	Remediation
Unresolved product id: SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-doc-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-race-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy 4.1:go1.16-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy 4.1:go1.16-doc-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy 4.1:go1.16-race-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.1:go1.16-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64	—	Vendor Fix

Threats

Impact moderate

References

13 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1182345	self
https://bugzilla.suse.com/1193597	self
https://bugzilla.suse.com/1193598	self
https://www.suse.com/security/cve/CVE-2021-44716/	self
https://www.suse.com/security/cve/CVE-2021-44717/	self
https://www.suse.com/security/cve/CVE-2021-44716	external
https://bugzilla.suse.com/1193597	external
https://www.suse.com/security/cve/CVE-2021-44717	external
https://bugzilla.suse.com/1193598	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for go1.16",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for go1.16 fixes the following issues:\n\nUpdated to upstream version 1.16.12 to include security fixes to the compiler,\nsyscall, runtime, the net/http, net/http/httptest, and time packages (bsc#1182345)\n\n- CVE-2021-44717: syscall: don\u0027t close fd 0 on ForkExec error (bsc#1193598).\n- CVE-2021-44716: net/http: limit growth of header canonicalization cache (bsc#1193597).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2021-4169,SUSE-SLE-Module-Development-Tools-15-SP2-2021-4169,SUSE-SLE-Module-Development-Tools-15-SP3-2021-4169,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2021-4169,SUSE-SLE-Product-HPC-15-SP2-LTSS-2021-4169,SUSE-SLE-Product-SLES-15-SP2-BCL-2021-4169,SUSE-SLE-Product-SLES-15-SP2-LTSS-2021-4169,SUSE-SLE-Product-SLES_SAP-15-SP2-2021-4169,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2021-4169,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2021-4169,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2021-4169,SUSE-Storage-7-2021-4169",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_4169-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2021:4169-1",
        "url": "https://www.suse.com/support/update/announcement/2021/suse-su-20214169-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2021:4169-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-December/009938.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1182345",
        "url": "https://bugzilla.suse.com/1182345"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1193597",
        "url": "https://bugzilla.suse.com/1193597"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1193598",
        "url": "https://bugzilla.suse.com/1193598"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-44716 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-44716/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-44717 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-44717/"
      }
    ],
    "title": "Security update for go1.16",
    "tracking": {
      "current_release_date": "2021-12-23T08:53:15Z",
      "generator": {
        "date": "2021-12-23T08:53:15Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2021:4169-1",
      "initial_release_date": "2021-12-23T08:53:15Z",
      "revision_history": [
        {
          "date": "2021-12-23T08:53:15Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "go1.16-1.16.12-1.37.2.aarch64",
                "product": {
                  "name": "go1.16-1.16.12-1.37.2.aarch64",
                  "product_id": "go1.16-1.16.12-1.37.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "go1.16-doc-1.16.12-1.37.2.aarch64",
                "product": {
                  "name": "go1.16-doc-1.16.12-1.37.2.aarch64",
                  "product_id": "go1.16-doc-1.16.12-1.37.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "go1.16-race-1.16.12-1.37.2.aarch64",
                "product": {
                  "name": "go1.16-race-1.16.12-1.37.2.aarch64",
                  "product_id": "go1.16-race-1.16.12-1.37.2.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "go1.16-1.16.12-1.37.2.i586",
                "product": {
                  "name": "go1.16-1.16.12-1.37.2.i586",
                  "product_id": "go1.16-1.16.12-1.37.2.i586"
                }
              },
              {
                "category": "product_version",
                "name": "go1.16-doc-1.16.12-1.37.2.i586",
                "product": {
                  "name": "go1.16-doc-1.16.12-1.37.2.i586",
                  "product_id": "go1.16-doc-1.16.12-1.37.2.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "go1.16-1.16.12-1.37.2.ppc64le",
                "product": {
                  "name": "go1.16-1.16.12-1.37.2.ppc64le",
                  "product_id": "go1.16-1.16.12-1.37.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "go1.16-doc-1.16.12-1.37.2.ppc64le",
                "product": {
                  "name": "go1.16-doc-1.16.12-1.37.2.ppc64le",
                  "product_id": "go1.16-doc-1.16.12-1.37.2.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "go1.16-1.16.12-1.37.2.s390x",
                "product": {
                  "name": "go1.16-1.16.12-1.37.2.s390x",
                  "product_id": "go1.16-1.16.12-1.37.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "go1.16-doc-1.16.12-1.37.2.s390x",
                "product": {
                  "name": "go1.16-doc-1.16.12-1.37.2.s390x",
                  "product_id": "go1.16-doc-1.16.12-1.37.2.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "go1.16-1.16.12-1.37.2.x86_64",
                "product": {
                  "name": "go1.16-1.16.12-1.37.2.x86_64",
                  "product_id": "go1.16-1.16.12-1.37.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "go1.16-doc-1.16.12-1.37.2.x86_64",
                "product": {
                  "name": "go1.16-doc-1.16.12-1.37.2.x86_64",
                  "product_id": "go1.16-doc-1.16.12-1.37.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "go1.16-race-1.16.12-1.37.2.x86_64",
                "product": {
                  "name": "go1.16-race-1.16.12-1.37.2.x86_64",
                  "product_id": "go1.16-race-1.16.12-1.37.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Development Tools 15 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Development Tools 15 SP2",
                  "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-development-tools:15:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
                  "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-development-tools:15:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-espos:15:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP2-BCL",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP2-BCL",
                  "product_id": "SUSE Linux Enterprise Server 15 SP2-BCL",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_bcl:15:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Manager Proxy 4.1",
                "product": {
                  "name": "SUSE Manager Proxy 4.1",
                  "product_id": "SUSE Manager Proxy 4.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-manager-proxy:4.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Manager Retail Branch Server 4.1",
                "product": {
                  "name": "SUSE Manager Retail Branch Server 4.1",
                  "product_id": "SUSE Manager Retail Branch Server 4.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-manager-retail-branch-server:4.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Manager Server 4.1",
                "product": {
                  "name": "SUSE Manager Server 4.1",
                  "product_id": "SUSE Manager Server 4.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-manager-server:4.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Enterprise Storage 7",
                "product": {
                  "name": "SUSE Enterprise Storage 7",
                  "product_id": "SUSE Enterprise Storage 7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:ses:7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-1.16.12-1.37.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.aarch64"
        },
        "product_reference": "go1.16-1.16.12-1.37.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-1.16.12-1.37.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.ppc64le"
        },
        "product_reference": "go1.16-1.16.12-1.37.2.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-1.16.12-1.37.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.s390x"
        },
        "product_reference": "go1.16-1.16.12-1.37.2.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-doc-1.16.12-1.37.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.aarch64"
        },
        "product_reference": "go1.16-doc-1.16.12-1.37.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-doc-1.16.12-1.37.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le"
        },
        "product_reference": "go1.16-doc-1.16.12-1.37.2.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-doc-1.16.12-1.37.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.s390x"
        },
        "product_reference": "go1.16-doc-1.16.12-1.37.2.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-doc-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-doc-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-race-1.16.12-1.37.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.aarch64"
        },
        "product_reference": "go1.16-race-1.16.12-1.37.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-race-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-race-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-1.16.12-1.37.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.aarch64"
        },
        "product_reference": "go1.16-1.16.12-1.37.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-1.16.12-1.37.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.ppc64le"
        },
        "product_reference": "go1.16-1.16.12-1.37.2.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-1.16.12-1.37.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.s390x"
        },
        "product_reference": "go1.16-1.16.12-1.37.2.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-doc-1.16.12-1.37.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.aarch64"
        },
        "product_reference": "go1.16-doc-1.16.12-1.37.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-doc-1.16.12-1.37.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.ppc64le"
        },
        "product_reference": "go1.16-doc-1.16.12-1.37.2.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-doc-1.16.12-1.37.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.s390x"
        },
        "product_reference": "go1.16-doc-1.16.12-1.37.2.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-doc-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-doc-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-race-1.16.12-1.37.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.aarch64"
        },
        "product_reference": "go1.16-race-1.16.12-1.37.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-race-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-race-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-1.16.12-1.37.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.aarch64"
        },
        "product_reference": "go1.16-1.16.12-1.37.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-doc-1.16.12-1.37.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.aarch64"
        },
        "product_reference": "go1.16-doc-1.16.12-1.37.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-doc-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-doc-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-race-1.16.12-1.37.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.aarch64"
        },
        "product_reference": "go1.16-race-1.16.12-1.37.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-race-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-race-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-1.16.12-1.37.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64"
        },
        "product_reference": "go1.16-1.16.12-1.37.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-doc-1.16.12-1.37.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64"
        },
        "product_reference": "go1.16-doc-1.16.12-1.37.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-doc-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-doc-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-race-1.16.12-1.37.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64"
        },
        "product_reference": "go1.16-race-1.16.12-1.37.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-race-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-race-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-doc-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-doc-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-doc-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-race-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-race-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-race-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-1.16.12-1.37.2.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64"
        },
        "product_reference": "go1.16-1.16.12-1.37.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-1.16.12-1.37.2.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.ppc64le"
        },
        "product_reference": "go1.16-1.16.12-1.37.2.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-1.16.12-1.37.2.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.s390x"
        },
        "product_reference": "go1.16-1.16.12-1.37.2.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-doc-1.16.12-1.37.2.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64"
        },
        "product_reference": "go1.16-doc-1.16.12-1.37.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-doc-1.16.12-1.37.2.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.ppc64le"
        },
        "product_reference": "go1.16-doc-1.16.12-1.37.2.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-doc-1.16.12-1.37.2.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.s390x"
        },
        "product_reference": "go1.16-doc-1.16.12-1.37.2.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-doc-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-doc-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-race-1.16.12-1.37.2.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64"
        },
        "product_reference": "go1.16-race-1.16.12-1.37.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-race-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-race-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-1.16.12-1.37.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.ppc64le"
        },
        "product_reference": "go1.16-1.16.12-1.37.2.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-doc-1.16.12-1.37.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le"
        },
        "product_reference": "go1.16-doc-1.16.12-1.37.2.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-doc-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-doc-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-race-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-race-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-1.16.12-1.37.2.x86_64 as component of SUSE Manager Proxy 4.1",
          "product_id": "SUSE Manager Proxy 4.1:go1.16-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Manager Proxy 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-doc-1.16.12-1.37.2.x86_64 as component of SUSE Manager Proxy 4.1",
          "product_id": "SUSE Manager Proxy 4.1:go1.16-doc-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-doc-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Manager Proxy 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-race-1.16.12-1.37.2.x86_64 as component of SUSE Manager Proxy 4.1",
          "product_id": "SUSE Manager Proxy 4.1:go1.16-race-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-race-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Manager Proxy 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-1.16.12-1.37.2.x86_64 as component of SUSE Manager Retail Branch Server 4.1",
          "product_id": "SUSE Manager Retail Branch Server 4.1:go1.16-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-doc-1.16.12-1.37.2.x86_64 as component of SUSE Manager Retail Branch Server 4.1",
          "product_id": "SUSE Manager Retail Branch Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-doc-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-race-1.16.12-1.37.2.x86_64 as component of SUSE Manager Retail Branch Server 4.1",
          "product_id": "SUSE Manager Retail Branch Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-race-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-1.16.12-1.37.2.ppc64le as component of SUSE Manager Server 4.1",
          "product_id": "SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.ppc64le"
        },
        "product_reference": "go1.16-1.16.12-1.37.2.ppc64le",
        "relates_to_product_reference": "SUSE Manager Server 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-1.16.12-1.37.2.s390x as component of SUSE Manager Server 4.1",
          "product_id": "SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.s390x"
        },
        "product_reference": "go1.16-1.16.12-1.37.2.s390x",
        "relates_to_product_reference": "SUSE Manager Server 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-1.16.12-1.37.2.x86_64 as component of SUSE Manager Server 4.1",
          "product_id": "SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Manager Server 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-doc-1.16.12-1.37.2.ppc64le as component of SUSE Manager Server 4.1",
          "product_id": "SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.ppc64le"
        },
        "product_reference": "go1.16-doc-1.16.12-1.37.2.ppc64le",
        "relates_to_product_reference": "SUSE Manager Server 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-doc-1.16.12-1.37.2.s390x as component of SUSE Manager Server 4.1",
          "product_id": "SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.s390x"
        },
        "product_reference": "go1.16-doc-1.16.12-1.37.2.s390x",
        "relates_to_product_reference": "SUSE Manager Server 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-doc-1.16.12-1.37.2.x86_64 as component of SUSE Manager Server 4.1",
          "product_id": "SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-doc-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Manager Server 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-race-1.16.12-1.37.2.x86_64 as component of SUSE Manager Server 4.1",
          "product_id": "SUSE Manager Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-race-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Manager Server 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-1.16.12-1.37.2.aarch64 as component of SUSE Enterprise Storage 7",
          "product_id": "SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.aarch64"
        },
        "product_reference": "go1.16-1.16.12-1.37.2.aarch64",
        "relates_to_product_reference": "SUSE Enterprise Storage 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-1.16.12-1.37.2.x86_64 as component of SUSE Enterprise Storage 7",
          "product_id": "SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Enterprise Storage 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-doc-1.16.12-1.37.2.aarch64 as component of SUSE Enterprise Storage 7",
          "product_id": "SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.aarch64"
        },
        "product_reference": "go1.16-doc-1.16.12-1.37.2.aarch64",
        "relates_to_product_reference": "SUSE Enterprise Storage 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-doc-1.16.12-1.37.2.x86_64 as component of SUSE Enterprise Storage 7",
          "product_id": "SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-doc-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Enterprise Storage 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-race-1.16.12-1.37.2.aarch64 as component of SUSE Enterprise Storage 7",
          "product_id": "SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.aarch64"
        },
        "product_reference": "go1.16-race-1.16.12-1.37.2.aarch64",
        "relates_to_product_reference": "SUSE Enterprise Storage 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.16-race-1.16.12-1.37.2.x86_64 as component of SUSE Enterprise Storage 7",
          "product_id": "SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.x86_64"
        },
        "product_reference": "go1.16-race-1.16.12-1.37.2.x86_64",
        "relates_to_product_reference": "SUSE Enterprise Storage 7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-44716",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-44716"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.aarch64",
          "SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.x86_64",
          "SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.aarch64",
          "SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.x86_64",
          "SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.aarch64",
          "SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.aarch64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.ppc64le",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.s390x",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.aarch64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.s390x",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.aarch64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.aarch64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.ppc64le",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.s390x",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.aarch64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.ppc64le",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.s390x",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.aarch64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-doc-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-race-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.ppc64le",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.s390x",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.ppc64le",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.s390x",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64",
          "SUSE Manager Proxy 4.1:go1.16-1.16.12-1.37.2.x86_64",
          "SUSE Manager Proxy 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
          "SUSE Manager Proxy 4.1:go1.16-race-1.16.12-1.37.2.x86_64",
          "SUSE Manager Retail Branch Server 4.1:go1.16-1.16.12-1.37.2.x86_64",
          "SUSE Manager Retail Branch Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
          "SUSE Manager Retail Branch Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64",
          "SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.ppc64le",
          "SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.s390x",
          "SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.x86_64",
          "SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.ppc64le",
          "SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.s390x",
          "SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
          "SUSE Manager Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-44716",
          "url": "https://www.suse.com/security/cve/CVE-2021-44716"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1193597 for CVE-2021-44716",
          "url": "https://bugzilla.suse.com/1193597"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.aarch64",
            "SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.aarch64",
            "SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.aarch64",
            "SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.ppc64le",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.s390x",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.s390x",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.ppc64le",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.s390x",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.ppc64le",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.s390x",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.ppc64le",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.s390x",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.ppc64le",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.s390x",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Manager Proxy 4.1:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Manager Proxy 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Manager Proxy 4.1:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Manager Retail Branch Server 4.1:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Manager Retail Branch Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Manager Retail Branch Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.ppc64le",
            "SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.s390x",
            "SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.ppc64le",
            "SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.s390x",
            "SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Manager Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.aarch64",
            "SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.aarch64",
            "SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.aarch64",
            "SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.ppc64le",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.s390x",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.s390x",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.ppc64le",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.s390x",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.ppc64le",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.s390x",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.ppc64le",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.s390x",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.ppc64le",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.s390x",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Manager Proxy 4.1:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Manager Proxy 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Manager Proxy 4.1:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Manager Retail Branch Server 4.1:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Manager Retail Branch Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Manager Retail Branch Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.ppc64le",
            "SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.s390x",
            "SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.ppc64le",
            "SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.s390x",
            "SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Manager Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-12-23T08:53:15Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-44716"
    },
    {
      "cve": "CVE-2021-44717",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-44717"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.aarch64",
          "SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.x86_64",
          "SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.aarch64",
          "SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.x86_64",
          "SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.aarch64",
          "SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.aarch64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.ppc64le",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.s390x",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.aarch64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.s390x",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.aarch64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.aarch64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.ppc64le",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.s390x",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.aarch64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.ppc64le",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.s390x",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.aarch64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-doc-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-race-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.ppc64le",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.s390x",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.ppc64le",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.s390x",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64",
          "SUSE Manager Proxy 4.1:go1.16-1.16.12-1.37.2.x86_64",
          "SUSE Manager Proxy 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
          "SUSE Manager Proxy 4.1:go1.16-race-1.16.12-1.37.2.x86_64",
          "SUSE Manager Retail Branch Server 4.1:go1.16-1.16.12-1.37.2.x86_64",
          "SUSE Manager Retail Branch Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
          "SUSE Manager Retail Branch Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64",
          "SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.ppc64le",
          "SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.s390x",
          "SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.x86_64",
          "SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.ppc64le",
          "SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.s390x",
          "SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
          "SUSE Manager Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-44717",
          "url": "https://www.suse.com/security/cve/CVE-2021-44717"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1193598 for CVE-2021-44717",
          "url": "https://bugzilla.suse.com/1193598"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.aarch64",
            "SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.aarch64",
            "SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.aarch64",
            "SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.ppc64le",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.s390x",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.s390x",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.ppc64le",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.s390x",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.ppc64le",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.s390x",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.ppc64le",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.s390x",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.ppc64le",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.s390x",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Manager Proxy 4.1:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Manager Proxy 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Manager Proxy 4.1:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Manager Retail Branch Server 4.1:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Manager Retail Branch Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Manager Retail Branch Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.ppc64le",
            "SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.s390x",
            "SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.ppc64le",
            "SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.s390x",
            "SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Manager Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.aarch64",
            "SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.aarch64",
            "SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.aarch64",
            "SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.ppc64le",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.s390x",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.s390x",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.ppc64le",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.s390x",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.ppc64le",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.s390x",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.ppc64le",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.s390x",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.ppc64le",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.s390x",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Manager Proxy 4.1:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Manager Proxy 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Manager Proxy 4.1:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Manager Retail Branch Server 4.1:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Manager Retail Branch Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Manager Retail Branch Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64",
            "SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.ppc64le",
            "SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.s390x",
            "SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.x86_64",
            "SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.ppc64le",
            "SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.s390x",
            "SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
            "SUSE Manager Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-12-23T08:53:15Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-44717"
    }
  ]
}

SUSE-SU-2021:4186-1

Vulnerability from csaf_suse - Published: 2021-12-23 11:36 - Updated: 2021-12-23 11:36

Summary

Security update for go1.17

Severity

Moderate

Notes

Title of the patch: Security update for go1.17

Description of the patch: This update for go1.17 fixes the following issues: Updated to upstream version 1.17.5 to include fixes to the compiler, linker, syscall, runtime, the net/http, go/types, and time packages (bsc#1190649) - CVE-2021-44717: syscall: don't close fd 0 on ForkExec error (bsc#1193598). - CVE-2021-44716: net/http: limit growth of header canonicalization cache (bsc#1193597).

Patchnames: SUSE-2021-4186,SUSE-SLE-Module-Development-Tools-15-SP2-2021-4186,SUSE-SLE-Module-Development-Tools-15-SP3-2021-4186,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2021-4186,SUSE-SLE-Product-HPC-15-SP2-LTSS-2021-4186,SUSE-SLE-Product-SLES-15-SP2-BCL-2021-4186,SUSE-SLE-Product-SLES-15-SP2-LTSS-2021-4186,SUSE-SLE-Product-SLES_SAP-15-SP2-2021-4186,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2021-4186,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2021-4186,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2021-4186,SUSE-Storage-7-2021-4186

CVE-2021-44716

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 69 products

Product	Version	Remediation
Unresolved product id: SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-doc-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-race-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy 4.1:go1.17-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy 4.1:go1.17-doc-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy 4.1:go1.17-race-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.1:go1.17-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2021-44717

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 69 products

Product	Version	Remediation
Unresolved product id: SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-doc-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-race-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy 4.1:go1.17-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy 4.1:go1.17-doc-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy 4.1:go1.17-race-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.1:go1.17-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64	—	Vendor Fix

Threats

Impact moderate

References

13 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1190649	self
https://bugzilla.suse.com/1193597	self
https://bugzilla.suse.com/1193598	self
https://www.suse.com/security/cve/CVE-2021-44716/	self
https://www.suse.com/security/cve/CVE-2021-44717/	self
https://www.suse.com/security/cve/CVE-2021-44716	external
https://bugzilla.suse.com/1193597	external
https://www.suse.com/security/cve/CVE-2021-44717	external
https://bugzilla.suse.com/1193598	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for go1.17",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for go1.17 fixes the following issues:\n\nUpdated to upstream version 1.17.5 to include fixes to the compiler, linker,\nsyscall, runtime, the net/http, go/types, and time packages (bsc#1190649)\n\n- CVE-2021-44717: syscall: don\u0027t close fd 0 on ForkExec error (bsc#1193598).\n- CVE-2021-44716: net/http: limit growth of header canonicalization cache (bsc#1193597).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2021-4186,SUSE-SLE-Module-Development-Tools-15-SP2-2021-4186,SUSE-SLE-Module-Development-Tools-15-SP3-2021-4186,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2021-4186,SUSE-SLE-Product-HPC-15-SP2-LTSS-2021-4186,SUSE-SLE-Product-SLES-15-SP2-BCL-2021-4186,SUSE-SLE-Product-SLES-15-SP2-LTSS-2021-4186,SUSE-SLE-Product-SLES_SAP-15-SP2-2021-4186,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2021-4186,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2021-4186,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2021-4186,SUSE-Storage-7-2021-4186",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_4186-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2021:4186-1",
        "url": "https://www.suse.com/support/update/announcement/2021/suse-su-20214186-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2021:4186-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-December/009942.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1190649",
        "url": "https://bugzilla.suse.com/1190649"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1193597",
        "url": "https://bugzilla.suse.com/1193597"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1193598",
        "url": "https://bugzilla.suse.com/1193598"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-44716 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-44716/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-44717 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-44717/"
      }
    ],
    "title": "Security update for go1.17",
    "tracking": {
      "current_release_date": "2021-12-23T11:36:19Z",
      "generator": {
        "date": "2021-12-23T11:36:19Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2021:4186-1",
      "initial_release_date": "2021-12-23T11:36:19Z",
      "revision_history": [
        {
          "date": "2021-12-23T11:36:19Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "go1.17-1.17.5-1.14.2.aarch64",
                "product": {
                  "name": "go1.17-1.17.5-1.14.2.aarch64",
                  "product_id": "go1.17-1.17.5-1.14.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "go1.17-doc-1.17.5-1.14.2.aarch64",
                "product": {
                  "name": "go1.17-doc-1.17.5-1.14.2.aarch64",
                  "product_id": "go1.17-doc-1.17.5-1.14.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "go1.17-race-1.17.5-1.14.2.aarch64",
                "product": {
                  "name": "go1.17-race-1.17.5-1.14.2.aarch64",
                  "product_id": "go1.17-race-1.17.5-1.14.2.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "go1.17-1.17.5-1.14.2.i586",
                "product": {
                  "name": "go1.17-1.17.5-1.14.2.i586",
                  "product_id": "go1.17-1.17.5-1.14.2.i586"
                }
              },
              {
                "category": "product_version",
                "name": "go1.17-doc-1.17.5-1.14.2.i586",
                "product": {
                  "name": "go1.17-doc-1.17.5-1.14.2.i586",
                  "product_id": "go1.17-doc-1.17.5-1.14.2.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "go1.17-1.17.5-1.14.2.ppc64le",
                "product": {
                  "name": "go1.17-1.17.5-1.14.2.ppc64le",
                  "product_id": "go1.17-1.17.5-1.14.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "go1.17-doc-1.17.5-1.14.2.ppc64le",
                "product": {
                  "name": "go1.17-doc-1.17.5-1.14.2.ppc64le",
                  "product_id": "go1.17-doc-1.17.5-1.14.2.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "go1.17-1.17.5-1.14.2.s390x",
                "product": {
                  "name": "go1.17-1.17.5-1.14.2.s390x",
                  "product_id": "go1.17-1.17.5-1.14.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "go1.17-doc-1.17.5-1.14.2.s390x",
                "product": {
                  "name": "go1.17-doc-1.17.5-1.14.2.s390x",
                  "product_id": "go1.17-doc-1.17.5-1.14.2.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "go1.17-1.17.5-1.14.2.x86_64",
                "product": {
                  "name": "go1.17-1.17.5-1.14.2.x86_64",
                  "product_id": "go1.17-1.17.5-1.14.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "go1.17-doc-1.17.5-1.14.2.x86_64",
                "product": {
                  "name": "go1.17-doc-1.17.5-1.14.2.x86_64",
                  "product_id": "go1.17-doc-1.17.5-1.14.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "go1.17-race-1.17.5-1.14.2.x86_64",
                "product": {
                  "name": "go1.17-race-1.17.5-1.14.2.x86_64",
                  "product_id": "go1.17-race-1.17.5-1.14.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Development Tools 15 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Development Tools 15 SP2",
                  "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-development-tools:15:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
                  "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-development-tools:15:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-espos:15:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP2-BCL",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP2-BCL",
                  "product_id": "SUSE Linux Enterprise Server 15 SP2-BCL",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_bcl:15:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Manager Proxy 4.1",
                "product": {
                  "name": "SUSE Manager Proxy 4.1",
                  "product_id": "SUSE Manager Proxy 4.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-manager-proxy:4.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Manager Retail Branch Server 4.1",
                "product": {
                  "name": "SUSE Manager Retail Branch Server 4.1",
                  "product_id": "SUSE Manager Retail Branch Server 4.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-manager-retail-branch-server:4.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Manager Server 4.1",
                "product": {
                  "name": "SUSE Manager Server 4.1",
                  "product_id": "SUSE Manager Server 4.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-manager-server:4.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Enterprise Storage 7",
                "product": {
                  "name": "SUSE Enterprise Storage 7",
                  "product_id": "SUSE Enterprise Storage 7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:ses:7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-1.17.5-1.14.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.aarch64"
        },
        "product_reference": "go1.17-1.17.5-1.14.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-1.17.5-1.14.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.ppc64le"
        },
        "product_reference": "go1.17-1.17.5-1.14.2.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-1.17.5-1.14.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.s390x"
        },
        "product_reference": "go1.17-1.17.5-1.14.2.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-doc-1.17.5-1.14.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.aarch64"
        },
        "product_reference": "go1.17-doc-1.17.5-1.14.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-doc-1.17.5-1.14.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le"
        },
        "product_reference": "go1.17-doc-1.17.5-1.14.2.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-doc-1.17.5-1.14.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.s390x"
        },
        "product_reference": "go1.17-doc-1.17.5-1.14.2.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-doc-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-doc-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-race-1.17.5-1.14.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.aarch64"
        },
        "product_reference": "go1.17-race-1.17.5-1.14.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-race-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-race-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-1.17.5-1.14.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.aarch64"
        },
        "product_reference": "go1.17-1.17.5-1.14.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-1.17.5-1.14.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.ppc64le"
        },
        "product_reference": "go1.17-1.17.5-1.14.2.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-1.17.5-1.14.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.s390x"
        },
        "product_reference": "go1.17-1.17.5-1.14.2.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-doc-1.17.5-1.14.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.aarch64"
        },
        "product_reference": "go1.17-doc-1.17.5-1.14.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-doc-1.17.5-1.14.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.ppc64le"
        },
        "product_reference": "go1.17-doc-1.17.5-1.14.2.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-doc-1.17.5-1.14.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.s390x"
        },
        "product_reference": "go1.17-doc-1.17.5-1.14.2.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-doc-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-doc-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-race-1.17.5-1.14.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.aarch64"
        },
        "product_reference": "go1.17-race-1.17.5-1.14.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-race-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-race-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-1.17.5-1.14.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.aarch64"
        },
        "product_reference": "go1.17-1.17.5-1.14.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-doc-1.17.5-1.14.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.aarch64"
        },
        "product_reference": "go1.17-doc-1.17.5-1.14.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-doc-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-doc-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-race-1.17.5-1.14.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.aarch64"
        },
        "product_reference": "go1.17-race-1.17.5-1.14.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-race-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-race-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-1.17.5-1.14.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64"
        },
        "product_reference": "go1.17-1.17.5-1.14.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-doc-1.17.5-1.14.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64"
        },
        "product_reference": "go1.17-doc-1.17.5-1.14.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-doc-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-doc-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-race-1.17.5-1.14.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64"
        },
        "product_reference": "go1.17-race-1.17.5-1.14.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-race-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-race-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-doc-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-doc-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-doc-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-race-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-race-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-race-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-1.17.5-1.14.2.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64"
        },
        "product_reference": "go1.17-1.17.5-1.14.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-1.17.5-1.14.2.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.ppc64le"
        },
        "product_reference": "go1.17-1.17.5-1.14.2.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-1.17.5-1.14.2.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.s390x"
        },
        "product_reference": "go1.17-1.17.5-1.14.2.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-doc-1.17.5-1.14.2.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64"
        },
        "product_reference": "go1.17-doc-1.17.5-1.14.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-doc-1.17.5-1.14.2.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.ppc64le"
        },
        "product_reference": "go1.17-doc-1.17.5-1.14.2.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-doc-1.17.5-1.14.2.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.s390x"
        },
        "product_reference": "go1.17-doc-1.17.5-1.14.2.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-doc-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-doc-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-race-1.17.5-1.14.2.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64"
        },
        "product_reference": "go1.17-race-1.17.5-1.14.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-race-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-race-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-1.17.5-1.14.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.ppc64le"
        },
        "product_reference": "go1.17-1.17.5-1.14.2.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-doc-1.17.5-1.14.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le"
        },
        "product_reference": "go1.17-doc-1.17.5-1.14.2.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-doc-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-doc-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-race-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-race-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-1.17.5-1.14.2.x86_64 as component of SUSE Manager Proxy 4.1",
          "product_id": "SUSE Manager Proxy 4.1:go1.17-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Manager Proxy 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-doc-1.17.5-1.14.2.x86_64 as component of SUSE Manager Proxy 4.1",
          "product_id": "SUSE Manager Proxy 4.1:go1.17-doc-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-doc-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Manager Proxy 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-race-1.17.5-1.14.2.x86_64 as component of SUSE Manager Proxy 4.1",
          "product_id": "SUSE Manager Proxy 4.1:go1.17-race-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-race-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Manager Proxy 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-1.17.5-1.14.2.x86_64 as component of SUSE Manager Retail Branch Server 4.1",
          "product_id": "SUSE Manager Retail Branch Server 4.1:go1.17-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-doc-1.17.5-1.14.2.x86_64 as component of SUSE Manager Retail Branch Server 4.1",
          "product_id": "SUSE Manager Retail Branch Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-doc-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-race-1.17.5-1.14.2.x86_64 as component of SUSE Manager Retail Branch Server 4.1",
          "product_id": "SUSE Manager Retail Branch Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-race-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-1.17.5-1.14.2.ppc64le as component of SUSE Manager Server 4.1",
          "product_id": "SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.ppc64le"
        },
        "product_reference": "go1.17-1.17.5-1.14.2.ppc64le",
        "relates_to_product_reference": "SUSE Manager Server 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-1.17.5-1.14.2.s390x as component of SUSE Manager Server 4.1",
          "product_id": "SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.s390x"
        },
        "product_reference": "go1.17-1.17.5-1.14.2.s390x",
        "relates_to_product_reference": "SUSE Manager Server 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-1.17.5-1.14.2.x86_64 as component of SUSE Manager Server 4.1",
          "product_id": "SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Manager Server 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-doc-1.17.5-1.14.2.ppc64le as component of SUSE Manager Server 4.1",
          "product_id": "SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.ppc64le"
        },
        "product_reference": "go1.17-doc-1.17.5-1.14.2.ppc64le",
        "relates_to_product_reference": "SUSE Manager Server 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-doc-1.17.5-1.14.2.s390x as component of SUSE Manager Server 4.1",
          "product_id": "SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.s390x"
        },
        "product_reference": "go1.17-doc-1.17.5-1.14.2.s390x",
        "relates_to_product_reference": "SUSE Manager Server 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-doc-1.17.5-1.14.2.x86_64 as component of SUSE Manager Server 4.1",
          "product_id": "SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-doc-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Manager Server 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-race-1.17.5-1.14.2.x86_64 as component of SUSE Manager Server 4.1",
          "product_id": "SUSE Manager Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-race-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Manager Server 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-1.17.5-1.14.2.aarch64 as component of SUSE Enterprise Storage 7",
          "product_id": "SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.aarch64"
        },
        "product_reference": "go1.17-1.17.5-1.14.2.aarch64",
        "relates_to_product_reference": "SUSE Enterprise Storage 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-1.17.5-1.14.2.x86_64 as component of SUSE Enterprise Storage 7",
          "product_id": "SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Enterprise Storage 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-doc-1.17.5-1.14.2.aarch64 as component of SUSE Enterprise Storage 7",
          "product_id": "SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.aarch64"
        },
        "product_reference": "go1.17-doc-1.17.5-1.14.2.aarch64",
        "relates_to_product_reference": "SUSE Enterprise Storage 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-doc-1.17.5-1.14.2.x86_64 as component of SUSE Enterprise Storage 7",
          "product_id": "SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-doc-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Enterprise Storage 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-race-1.17.5-1.14.2.aarch64 as component of SUSE Enterprise Storage 7",
          "product_id": "SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.aarch64"
        },
        "product_reference": "go1.17-race-1.17.5-1.14.2.aarch64",
        "relates_to_product_reference": "SUSE Enterprise Storage 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.17-race-1.17.5-1.14.2.x86_64 as component of SUSE Enterprise Storage 7",
          "product_id": "SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.x86_64"
        },
        "product_reference": "go1.17-race-1.17.5-1.14.2.x86_64",
        "relates_to_product_reference": "SUSE Enterprise Storage 7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-44716",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-44716"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.aarch64",
          "SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.x86_64",
          "SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.aarch64",
          "SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.x86_64",
          "SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.aarch64",
          "SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.aarch64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.ppc64le",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.s390x",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.aarch64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.s390x",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.aarch64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.aarch64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.ppc64le",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.s390x",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.aarch64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.ppc64le",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.s390x",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.aarch64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-doc-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-race-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.ppc64le",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.s390x",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.ppc64le",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.s390x",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64",
          "SUSE Manager Proxy 4.1:go1.17-1.17.5-1.14.2.x86_64",
          "SUSE Manager Proxy 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
          "SUSE Manager Proxy 4.1:go1.17-race-1.17.5-1.14.2.x86_64",
          "SUSE Manager Retail Branch Server 4.1:go1.17-1.17.5-1.14.2.x86_64",
          "SUSE Manager Retail Branch Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
          "SUSE Manager Retail Branch Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64",
          "SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.ppc64le",
          "SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.s390x",
          "SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.x86_64",
          "SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.ppc64le",
          "SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.s390x",
          "SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
          "SUSE Manager Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-44716",
          "url": "https://www.suse.com/security/cve/CVE-2021-44716"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1193597 for CVE-2021-44716",
          "url": "https://bugzilla.suse.com/1193597"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.aarch64",
            "SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.aarch64",
            "SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.aarch64",
            "SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.ppc64le",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.s390x",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.s390x",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.ppc64le",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.s390x",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.ppc64le",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.s390x",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.ppc64le",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.s390x",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.ppc64le",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.s390x",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Manager Proxy 4.1:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Manager Proxy 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Manager Proxy 4.1:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Manager Retail Branch Server 4.1:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Manager Retail Branch Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Manager Retail Branch Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.ppc64le",
            "SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.s390x",
            "SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.ppc64le",
            "SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.s390x",
            "SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Manager Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.aarch64",
            "SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.aarch64",
            "SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.aarch64",
            "SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.ppc64le",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.s390x",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.s390x",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.ppc64le",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.s390x",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.ppc64le",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.s390x",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.ppc64le",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.s390x",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.ppc64le",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.s390x",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Manager Proxy 4.1:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Manager Proxy 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Manager Proxy 4.1:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Manager Retail Branch Server 4.1:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Manager Retail Branch Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Manager Retail Branch Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.ppc64le",
            "SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.s390x",
            "SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.ppc64le",
            "SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.s390x",
            "SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Manager Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-12-23T11:36:19Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-44716"
    },
    {
      "cve": "CVE-2021-44717",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-44717"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.aarch64",
          "SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.x86_64",
          "SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.aarch64",
          "SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.x86_64",
          "SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.aarch64",
          "SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.aarch64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.ppc64le",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.s390x",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.aarch64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.s390x",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.aarch64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.aarch64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.ppc64le",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.s390x",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.aarch64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.ppc64le",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.s390x",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.aarch64",
          "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-doc-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-race-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.ppc64le",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.s390x",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.ppc64le",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.s390x",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64",
          "SUSE Manager Proxy 4.1:go1.17-1.17.5-1.14.2.x86_64",
          "SUSE Manager Proxy 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
          "SUSE Manager Proxy 4.1:go1.17-race-1.17.5-1.14.2.x86_64",
          "SUSE Manager Retail Branch Server 4.1:go1.17-1.17.5-1.14.2.x86_64",
          "SUSE Manager Retail Branch Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
          "SUSE Manager Retail Branch Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64",
          "SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.ppc64le",
          "SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.s390x",
          "SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.x86_64",
          "SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.ppc64le",
          "SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.s390x",
          "SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
          "SUSE Manager Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-44717",
          "url": "https://www.suse.com/security/cve/CVE-2021-44717"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1193598 for CVE-2021-44717",
          "url": "https://bugzilla.suse.com/1193598"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.aarch64",
            "SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.aarch64",
            "SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.aarch64",
            "SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.ppc64le",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.s390x",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.s390x",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.ppc64le",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.s390x",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.ppc64le",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.s390x",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.ppc64le",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.s390x",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.ppc64le",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.s390x",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Manager Proxy 4.1:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Manager Proxy 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Manager Proxy 4.1:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Manager Retail Branch Server 4.1:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Manager Retail Branch Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Manager Retail Branch Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.ppc64le",
            "SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.s390x",
            "SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.ppc64le",
            "SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.s390x",
            "SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Manager Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.aarch64",
            "SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.aarch64",
            "SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.aarch64",
            "SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.ppc64le",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.s390x",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.s390x",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.ppc64le",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.s390x",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.ppc64le",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.s390x",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.ppc64le",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.s390x",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.ppc64le",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.s390x",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Manager Proxy 4.1:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Manager Proxy 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Manager Proxy 4.1:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Manager Retail Branch Server 4.1:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Manager Retail Branch Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Manager Retail Branch Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64",
            "SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.ppc64le",
            "SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.s390x",
            "SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.x86_64",
            "SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.ppc64le",
            "SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.s390x",
            "SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
            "SUSE Manager Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-12-23T11:36:19Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-44717"
    }
  ]
}

SUSE-SU-2022:1729-1

Vulnerability from csaf_suse - Published: 2022-05-18 14:55 - Updated: 2022-05-18 14:55

Summary

Security update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud

Severity

Important

Notes

Title of the patch: Security update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud

Description of the patch: This update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud fixes the following issues: Security fixes included on the update: ardana-barbican: - Update policies to protect container secret access (SOC-11621) - Update policies to protect secret metadata access (SOC-11620) openstack-neutron: - CVE-2021-40085: Fixed arbitrary dnsmasq reconfiguration via extra_dhcp_opts (bsc#1189794). rubygem-sinatra: - CVE-2022-29970: Fixed path traversal possible outside of public_dir when serving static files (bsc#1199138). python-XStatic-jquery-ui: - CVE-2021-41182: Fixed XSS in the `altField` option of the Datepicker widget (bsc#1192070) - CVE-2021-41183: Fixed XSS in the `of` option of the `.position()` util (bsc#1192073) - CVE-2021-41184: Fixed XSS in `*Text` options of the Datepicker widget (bsc#1192075) python-lxml: - CVE-2018-19787: Fixed that the lxml.html.clean module does remove javascript in lxml/html/clean.py (bsc#1118088). - CVE-2020-27783: Fixed mXSS due to the use of improper parser (bsc#1179534). - CVE-2021-28957: Fixed missing input sanitization for formaction HTML5 attributes that may have led to XSS (bsc#1184177). - CVE-2021-43818: Fixed HTML Cleaner that allowed crafted and SVG embedded scripts to pass through (bsc#1193752). openstack-barbican: - CVE-2022-23451: Disallows authenticated users to add/modify/delete arbitrary metadata on any secret (bsc#1194952). - CVE-2022-23452: Disallows anyone with an admin role to add their secrets to a different project's containers (bsc#1194954). grafana: - CVE-2021-44716: Fixed net/http: limit growth of header canonicalization cache (bsc#1193597). openstack-keystone: - CVE-2021-38155: Fixed information disclosure during account locking (bsc#1189390). Non-security fixes included on the update: Changes in ardana-barbican: - Update to version 9.0+git.1644879908.8a641c1: * Update policies to protect container secret access (SOC-11621) - Update to version 9.0+git.1643052417.9a3348e: * update policies to protect secret metadata access (SOC-11620) Changes in grafana: - Add CVE-2021-43813.patch (bsc#1193688, CVE-2021-43813) * directory traversal vulnerability for .md files - Bump Go to 1.16 (bsc#1193597, CVE-2021-44716) * Fix Go net/http: limit growth of header canonicalization cache Changes in openstack-barbican: - Add patches (0001-Fix-RBAC-and-ACL-access-for-managing-secret-containe.patch and 0001-Fix-policy-for-adding-a-secret-to-a-container.patch) to fix the legacy policy rules for adding a secret to a container and removing a secret from a container. bsc#1194954,CVE-2022-23452 - Add patch (0001-Fix-secret-metadata-access-rules.patch) to fix the legacy policy rules for accessing secret metadata by checking that the user making the request is authenticated for the project that owns the secret. bsc#1194952,CVE-2022-23451 Changes in openstack-cinder: - Update to version cinder-13.0.10.dev24: * Correct group:reset\_group\_snapshot\_status policy Changes in openstack-cinder: - Update to version cinder-13.0.10.dev24: * Correct group:reset\_group\_snapshot\_status policy Changes in openstack-heat-gbp: - Update to version group-based-policy-automation-14.0.1.dev4: * Add support for yoga - Update to version group-based-policy-automation-14.0.1.dev3: * Python2/3 compatibility fixes - Update to version group-based-policy-automation-14.0.1.dev2: * Add support for xena - Update to version group-based-policy-automation-14.0.1.dev1: * Remove py27 from gate jobs 14.0.0 Changes in openstack-horizon-plugin-gbp-ui: - Update to version group-based-policy-ui-14.0.1.dev3: * Add support for yoga - Update to version group-based-policy-ui-14.0.1.dev2: * Python2/3 compatibility changes - Update to version group-based-policy-ui-14.0.1.dev1: * Add support for xena 14.0.0 Changes in openstack-ironic: - Update to version ironic-11.1.5.dev18: * Cleanup stable/rocky legacy jobs Changes in openstack-ironic: - Update to version ironic-11.1.5.dev18: * Cleanup stable/rocky legacy jobs Changes in openstack-keystone: - Update to version keystone-14.2.1.dev9: * Delete system role assignments from system\_assignment table Changes in openstack-keystone: - Add patch (0001-Hide-AccountLocked-exception-from-end-users.patch) to fix the problem where AccountLocked exception discloses sensitive information. bsc#1189390,CVE-2021-38155 - Update to version keystone-14.2.1.dev9: * Delete system role assignments from system\_assignment table Changes in openstack-neutron-gbp: - Update to version group-based-policy-14.0.1.dev33: * Populate network mtu for erspan - Update to version group-based-policy-14.0.1.dev32: * ERSPAN config error when Openstack port is created in a different project than network it belongs to 2014.2.rc1 - Update to version group-based-policy-14.0.1.dev31: * Python2/3 compatibility fixes 2014.2.0rc1 - Update to version group-based-policy-14.0.1.dev29: * Fix oslo\_i18n usage - Update to version group-based-policy-14.0.1.dev27: * Update mechanism\_driver cache 2014.2.rc1 - Update to version group-based-policy-14.0.1.dev26: * Add support for xena - Update to version group-based-policy-14.0.1.dev24: * update\_floatingip\_status\_while\_deleting\_the\_vm - Update to version group-based-policy-14.0.1.dev22: * Updating host id by appending pid in existing host id 2014.2.0rc1 - Update to version group-based-policy-14.0.1.dev20: * Revert 'Add workaround to get\_subnets' Changes in python-lxml: - Fix bsc#1179534 (CVE-2020-27783) mXSS due to the use of improper parser Patch files: 0001-CVE-2020-27783.patch 0002-CVE-2020-27783.patch - Fix bsc#1118088 (CVE-2018-19787) lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks Patch file: 0001-CVE-2018-19787.patch - Fix bsc#1184177 (CVE-2021-28957) missing input sanitization for formaction HTML5 attributes may lead to XSS Patch file: 0001-CVE-2021-28957.patch - Fix bsc#1193752 (CVE-2021-43818) Cleaner: Remove SVG image data URLs since they can embed script content. Reported as GHSL-2021-1037 and GHSL-2021-1038 Patch files 0001-CVE-2021-43818.patch 0002-CVE-2021-43818.patch Changes in openstack-neutron-doc: - Update to version neutron-13.0.8.dev206: * Wait longer before deleting DPDK vhu trunk bridges - Update to version neutron-13.0.8.dev205: * Do no use '--strict' for OF deletion in TRANSIENT\_TABLE - Update to version neutron-13.0.8.dev203: * Populate self.floating\_ips\_dict using 'ip rule' information - Update to version neutron-13.0.8.dev201: * [Functional] Wait for the initial state of ha router before test * Don't setup bridge controller if it is already set - Update to version neutron-13.0.8.dev198: * Remove dhcp\_extra\_opt name after first newline character - Update to version neutron-13.0.8.dev196: * [L3] Use processing queue for network update events * Add extra logs to the network update callback in L3 agent - Update to version neutron-13.0.8.dev192: * Remove dhcp\_extra\_opt value after first newline character - Update to version neutron-13.0.8.dev190: * Don't use singleton in routes.middleware.RoutesMiddleware - Update to version neutron-13.0.8.dev189: * Fix notify listener syntax for SEGMENT\_HOST\_MAPPING - Update to version neutron-13.0.8.dev188: * Clean port forwarding cache when router is DOWN - Update to version neutron-13.0.8.dev186: * Remove FIP agent's gw port when L3 agent is deleted - Update to version neutron-13.0.8.dev184: * Force to close http connection after notify about HA router status - Update to version neutron-13.0.8.dev183: * Don't configure dnsmasq entries for 'network' ports - Update to version neutron-13.0.8.dev181: * Exclude fallback tunnel devices from netns cleanup - Update to version neutron-13.0.8.dev180: * [DVR] Send allowed address pairs info to the L3 agents * designate: allow PTR zone creation to fail * Don't try to create default SG when security groups are disabled - Update to version neutron-13.0.8.dev174: * Fix update of trunk subports during live migration - Update to version neutron-13.0.8.dev172: * [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses - Update to version neutron-13.0.8.dev170: * Call install\_ingress\_direct\_goto\_flows() when ovs restarts - Update to version neutron-13.0.8.dev168: * Fix multicast traffic with IGMP snooping enabled - Update to version neutron-13.0.8.dev166: * Fix OVS conjunctive IP flows cleanup Changes in openstack-neutron: - Update to version neutron-13.0.8.dev206: * Wait longer before deleting DPDK vhu trunk bridges - Update to version neutron-13.0.8.dev205: * Do no use '--strict' for OF deletion in TRANSIENT\_TABLE - Update to version neutron-13.0.8.dev203: * Populate self.floating\_ips\_dict using 'ip rule' information - Update to version neutron-13.0.8.dev201: * [Functional] Wait for the initial state of ha router before test * Don't setup bridge controller if it is already set - Update to version neutron-13.0.8.dev198: * Remove dhcp\_extra\_opt name after first newline character - Update to version neutron-13.0.8.dev196: * [L3] Use processing queue for network update events * Add extra logs to the network update callback in L3 agent - Remove cve-2021-40085-stable-rocky.patch (merged upstream) - Update to version neutron-13.0.8.dev192: * Remove dhcp\_extra\_opt value after first newline character - Update to version neutron-13.0.8.dev190: * Don't use singleton in routes.middleware.RoutesMiddleware - Update to version neutron-13.0.8.dev189: * Fix notify listener syntax for SEGMENT\_HOST\_MAPPING - Add cve-2021-40085-stable-rocky.patch (bsc#1189794, CVE-2021-40085) * Remove dhcp_extra_opt value after first newline character - Update to version neutron-13.0.8.dev188: * Clean port forwarding cache when router is DOWN - Update to version neutron-13.0.8.dev186: * Remove FIP agent's gw port when L3 agent is deleted - Update to version neutron-13.0.8.dev184: * Force to close http connection after notify about HA router status - Update to version neutron-13.0.8.dev183: * Don't configure dnsmasq entries for 'network' ports - Update to version neutron-13.0.8.dev181: * Exclude fallback tunnel devices from netns cleanup - Update to version neutron-13.0.8.dev180: * [DVR] Send allowed address pairs info to the L3 agents * designate: allow PTR zone creation to fail * Don't try to create default SG when security groups are disabled - Update to version neutron-13.0.8.dev174: * Fix update of trunk subports during live migration - Update to version neutron-13.0.8.dev172: * [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses - Update to version neutron-13.0.8.dev170: * Call install\_ingress\_direct\_goto\_flows() when ovs restarts - Update to version neutron-13.0.8.dev168: * Fix multicast traffic with IGMP snooping enabled - Update to version neutron-13.0.8.dev166: * Fix OVS conjunctive IP flows cleanup Changes in python-Pillow: - Add 030-CVE-2022-22817.patch * From upstream, backported * Fixes CVE-2022-22817, bsc#1194521 * test from upstream updated for python2 - Add 028-CVE-2022-22815.patch * From upstream, backported * Fixes CVE-2022-22815, bsc#1194552 - Add 029-CVE-2022-22816.patch * From upstream, backported * Fixes CVE-2022-22816, bsc#1194551 Changes in python-XStatic-jquery-ui: - Update to version 1.13.0.1 (bsc#1192070, CVE-2021-41182, bsc#1192073, CVE-2021-41184, bsc#1192075, CVE-2021-41183) * Fix XSS in the altField option of the Datepicker widget (CVE-2021-41182) * Fix XSS in *Text options of the Datepicker widget (CVE-2021-41183) * Fix XSS in the of option of the .position() util (CVE-2021-41184) * Drop support for Query 1.7 * Accordion: allow function parameter for selecting header elements * Datepicker: add optional onUpdateDatepicker callback Changes in release-notes-suse-openstack-cloud: - Update to version 9.20220413: * Update release notes to indicate support for SES7 - Update to version 9.20220112: * Add reference to keystone bcrypt issue to known limitations (bsc#1186380) Changes in rubygem-sinatra: - Add CVE-2022-29970.patch (bsc#1199138, CVE-2022-29970)

Patchnames: SUSE-2022-1729,SUSE-OpenStack-Cloud-9-2022-1729,SUSE-OpenStack-Cloud-Crowbar-9-2022-1729

CVE-2018-19787

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected products

Recommended 99 products

Product	Version	Remediation
Unresolved product id: SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-27783

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected products

Recommended 99 products

Product	Version	Remediation
Unresolved product id: SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-28957

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected products

Recommended 99 products

Product	Version	Remediation
Unresolved product id: SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-38155

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 99 products

Product	Version	Remediation
Unresolved product id: SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2021-40085

8 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 99 products

Product	Version	Remediation
Unresolved product id: SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2021-41182

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected products

Recommended 99 products

Product	Version	Remediation
Unresolved product id: SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-41183

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected products

Recommended 99 products

Product	Version	Remediation
Unresolved product id: SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-41184

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected products

Recommended 99 products

Product	Version	Remediation
Unresolved product id: SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-43813

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 99 products

Product	Version	Remediation
Unresolved product id: SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-43818

6.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N

Affected products

Recommended 99 products

Product	Version	Remediation
Unresolved product id: SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-44716

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 99 products

Product	Version	Remediation
Unresolved product id: SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-22815

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected products

Recommended 99 products

Product	Version	Remediation
Unresolved product id: SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2022-22816

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected products

Recommended 99 products

Product	Version	Remediation
Unresolved product id: SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2022-22817

4.8 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 99 products

Product	Version	Remediation
Unresolved product id: SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2022-23451

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected products

Recommended 99 products

Product	Version	Remediation
Unresolved product id: SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2022-23452

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Affected products

Recommended 99 products

Product	Version	Remediation
Unresolved product id: SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2022-29970

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 99 products

Product	Version	Remediation
Unresolved product id: SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64	—	Vendor Fix

Threats

Impact important

References

75 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1118088	self
https://bugzilla.suse.com/1179534	self
https://bugzilla.suse.com/1184177	self
https://bugzilla.suse.com/1186380	self
https://bugzilla.suse.com/1189390	self
https://bugzilla.suse.com/1189794	self
https://bugzilla.suse.com/1192070	self
https://bugzilla.suse.com/1192073	self
https://bugzilla.suse.com/1192075	self
https://bugzilla.suse.com/1193597	self
https://bugzilla.suse.com/1193688	self
https://bugzilla.suse.com/1193752	self
https://bugzilla.suse.com/1194521	self
https://bugzilla.suse.com/1194551	self
https://bugzilla.suse.com/1194552	self
https://bugzilla.suse.com/1194952	self
https://bugzilla.suse.com/1194954	self
https://bugzilla.suse.com/1199138	self
https://www.suse.com/security/cve/CVE-2018-19787/	self
https://www.suse.com/security/cve/CVE-2020-27783/	self
https://www.suse.com/security/cve/CVE-2021-28957/	self
https://www.suse.com/security/cve/CVE-2021-38155/	self
https://www.suse.com/security/cve/CVE-2021-40085/	self
https://www.suse.com/security/cve/CVE-2021-41182/	self
https://www.suse.com/security/cve/CVE-2021-41183/	self
https://www.suse.com/security/cve/CVE-2021-41184/	self
https://www.suse.com/security/cve/CVE-2021-43813/	self
https://www.suse.com/security/cve/CVE-2021-43818/	self
https://www.suse.com/security/cve/CVE-2021-44716/	self
https://www.suse.com/security/cve/CVE-2022-22815/	self
https://www.suse.com/security/cve/CVE-2022-22816/	self
https://www.suse.com/security/cve/CVE-2022-22817/	self
https://www.suse.com/security/cve/CVE-2022-23451/	self
https://www.suse.com/security/cve/CVE-2022-23452/	self
https://www.suse.com/security/cve/CVE-2022-29970/	self
https://www.suse.com/security/cve/CVE-2018-19787	external
https://bugzilla.suse.com/1118088	external
https://www.suse.com/security/cve/CVE-2020-27783	external
https://bugzilla.suse.com/1179534	external
https://www.suse.com/security/cve/CVE-2021-28957	external
https://bugzilla.suse.com/1184177	external
https://www.suse.com/security/cve/CVE-2021-38155	external
https://bugzilla.suse.com/1189390	external
https://www.suse.com/security/cve/CVE-2021-40085	external
https://bugzilla.suse.com/1189794	external
https://www.suse.com/security/cve/CVE-2021-41182	external
https://bugzilla.suse.com/1192070	external
https://www.suse.com/security/cve/CVE-2021-41183	external
https://bugzilla.suse.com/1192075	external
https://www.suse.com/security/cve/CVE-2021-41184	external
https://bugzilla.suse.com/1192073	external
https://www.suse.com/security/cve/CVE-2021-43813	external
https://bugzilla.suse.com/1193686	external
https://bugzilla.suse.com/1193688	external
https://www.suse.com/security/cve/CVE-2021-43818	external
https://bugzilla.suse.com/1193752	external
https://www.suse.com/security/cve/CVE-2021-44716	external
https://bugzilla.suse.com/1193597	external
https://www.suse.com/security/cve/CVE-2022-22815	external
https://bugzilla.suse.com/1194552	external
https://www.suse.com/security/cve/CVE-2022-22816	external
https://bugzilla.suse.com/1194551	external
https://www.suse.com/security/cve/CVE-2022-22817	external
https://bugzilla.suse.com/1194521	external
https://bugzilla.suse.com/1219048	external
https://www.suse.com/security/cve/CVE-2022-23451	external
https://bugzilla.suse.com/1194952	external
https://www.suse.com/security/cve/CVE-2022-23452	external
https://bugzilla.suse.com/1194954	external
https://www.suse.com/security/cve/CVE-2022-29970	external
https://bugzilla.suse.com/1199138	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud fixes the following issues:\n\nSecurity fixes included on the update:\n\nardana-barbican:\n\n- Update policies to protect container secret access (SOC-11621)\n- Update policies to protect secret metadata access (SOC-11620)\n\nopenstack-neutron:\n\n- CVE-2021-40085: Fixed arbitrary dnsmasq reconfiguration via extra_dhcp_opts (bsc#1189794).\n\nrubygem-sinatra:\n\n- CVE-2022-29970: Fixed path traversal possible outside of public_dir when serving static files (bsc#1199138).\n\npython-XStatic-jquery-ui:\n\n- CVE-2021-41182: Fixed XSS in the `altField` option of the Datepicker widget (bsc#1192070)\n- CVE-2021-41183: Fixed XSS in the `of` option of the `.position()` util (bsc#1192073)\n- CVE-2021-41184: Fixed XSS in `*Text` options of the Datepicker widget (bsc#1192075)\n\npython-lxml:\n\n- CVE-2018-19787: Fixed that the lxml.html.clean module does remove javascript in lxml/html/clean.py (bsc#1118088).\n- CVE-2020-27783: Fixed mXSS due to the use of improper parser (bsc#1179534).\n- CVE-2021-28957: Fixed missing input sanitization for formaction HTML5 attributes that may have led to XSS (bsc#1184177).\n- CVE-2021-43818: Fixed HTML Cleaner that allowed crafted and SVG embedded scripts to pass through (bsc#1193752).\n\nopenstack-barbican:\n\n- CVE-2022-23451: Disallows authenticated users to add/modify/delete arbitrary metadata on any secret (bsc#1194952).\n- CVE-2022-23452: Disallows anyone with an admin role to add their secrets to a different project\u0027s containers (bsc#1194954).\n\ngrafana:\n\n- CVE-2021-44716: Fixed net/http: limit growth of header canonicalization cache (bsc#1193597).\n\nopenstack-keystone:\n\n- CVE-2021-38155: Fixed information disclosure during account locking (bsc#1189390).\n\nNon-security fixes included on the update:\n\nChanges in ardana-barbican:\n- Update to version 9.0+git.1644879908.8a641c1:\n  * Update policies to protect container secret access (SOC-11621)\n\n- Update to version 9.0+git.1643052417.9a3348e:\n  * update policies to protect secret metadata access (SOC-11620)\n\nChanges in grafana:\n- Add CVE-2021-43813.patch (bsc#1193688, CVE-2021-43813)\n  * directory traversal vulnerability for .md files \n\n- Bump Go to 1.16 (bsc#1193597, CVE-2021-44716)\n  * Fix Go net/http: limit growth of header canonicalization cache\n\nChanges in openstack-barbican:\n- Add patches (0001-Fix-RBAC-and-ACL-access-for-managing-secret-containe.patch\n  and 0001-Fix-policy-for-adding-a-secret-to-a-container.patch) to fix\n  the legacy policy rules for adding a secret to a container and removing\n  a secret from a container. bsc#1194954,CVE-2022-23452\n\n- Add patch (0001-Fix-secret-metadata-access-rules.patch) to fix the\n  legacy policy rules for accessing secret metadata by checking that\n  the user making the request is authenticated for the project that\n  owns the secret. bsc#1194952,CVE-2022-23451\n\nChanges in openstack-cinder:\n- Update to version cinder-13.0.10.dev24:\n  * Correct group:reset\\_group\\_snapshot\\_status policy\n\nChanges in openstack-cinder:\n- Update to version cinder-13.0.10.dev24:\n  * Correct group:reset\\_group\\_snapshot\\_status policy\n\nChanges in openstack-heat-gbp:\n- Update to version group-based-policy-automation-14.0.1.dev4:\n  * Add support for yoga\n\n- Update to version group-based-policy-automation-14.0.1.dev3:\n  * Python2/3 compatibility fixes\n\n- Update to version group-based-policy-automation-14.0.1.dev2:\n  * Add support for xena\n\n- Update to version group-based-policy-automation-14.0.1.dev1:\n  * Remove py27 from gate jobs\n  14.0.0\n\nChanges in openstack-horizon-plugin-gbp-ui:\n- Update to version group-based-policy-ui-14.0.1.dev3:\n  * Add support for yoga\n\n- Update to version group-based-policy-ui-14.0.1.dev2:\n  * Python2/3 compatibility changes\n\n- Update to version group-based-policy-ui-14.0.1.dev1:\n  * Add support for xena\n  14.0.0\n\nChanges in openstack-ironic:\n- Update to version ironic-11.1.5.dev18:\n  * Cleanup stable/rocky legacy jobs\n\nChanges in openstack-ironic:\n- Update to version ironic-11.1.5.dev18:\n  * Cleanup stable/rocky legacy jobs\n\nChanges in openstack-keystone:\n- Update to version keystone-14.2.1.dev9:\n  * Delete system role assignments from system\\_assignment table\n\nChanges in openstack-keystone:\n- Add patch (0001-Hide-AccountLocked-exception-from-end-users.patch) to fix\n  the problem where AccountLocked exception discloses sensitive information.\n  bsc#1189390,CVE-2021-38155\n\n- Update to version keystone-14.2.1.dev9:\n  * Delete system role assignments from system\\_assignment table\n\nChanges in openstack-neutron-gbp:\n- Update to version group-based-policy-14.0.1.dev33:\n  * Populate network mtu for erspan\n\n- Update to version group-based-policy-14.0.1.dev32:\n  * ERSPAN config error when Openstack port is created in a different project than network it belongs to\n  2014.2.rc1\n\n- Update to version group-based-policy-14.0.1.dev31:\n  * Python2/3 compatibility fixes\n  2014.2.0rc1\n\n- Update to version group-based-policy-14.0.1.dev29:\n  * Fix oslo\\_i18n usage\n\n- Update to version group-based-policy-14.0.1.dev27:\n  * Update mechanism\\_driver cache\n  2014.2.rc1\n\n- Update to version group-based-policy-14.0.1.dev26:\n  * Add support for xena\n\n- Update to version group-based-policy-14.0.1.dev24:\n  * update\\_floatingip\\_status\\_while\\_deleting\\_the\\_vm\n\n- Update to version group-based-policy-14.0.1.dev22:\n  * Updating host id by appending pid in existing host id\n  2014.2.0rc1\n\n- Update to version group-based-policy-14.0.1.dev20:\n  * Revert \u0027Add workaround to get\\_subnets\u0027\n\nChanges in python-lxml:\n- Fix bsc#1179534 (CVE-2020-27783)\n  mXSS due to the use of improper parser \n  Patch files: 0001-CVE-2020-27783.patch 0002-CVE-2020-27783.patch\n- Fix bsc#1118088 (CVE-2018-19787)\n  lxml/html/clean.py in the lxml.html.clean module does not remove\n  javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks\n  Patch file: 0001-CVE-2018-19787.patch\n- Fix bsc#1184177 (CVE-2021-28957)\n  missing input sanitization for formaction HTML5 attributes may lead to XSS\n  Patch file: 0001-CVE-2021-28957.patch\n- Fix bsc#1193752 (CVE-2021-43818)\n  Cleaner: Remove SVG image data URLs since they can embed script content.\n  Reported as GHSL-2021-1037 and GHSL-2021-1038 \n  Patch files 0001-CVE-2021-43818.patch 0002-CVE-2021-43818.patch\n\nChanges in openstack-neutron-doc:\n- Update to version neutron-13.0.8.dev206:\n  * Wait longer before deleting DPDK vhu trunk bridges\n\n- Update to version neutron-13.0.8.dev205:\n  * Do no use \u0027--strict\u0027 for OF deletion in TRANSIENT\\_TABLE\n\n- Update to version neutron-13.0.8.dev203:\n  * Populate self.floating\\_ips\\_dict using \u0027ip rule\u0027 information\n\n- Update to version neutron-13.0.8.dev201:\n  * [Functional] Wait for the initial state of ha router before test\n  * Don\u0027t setup bridge controller if it is already set\n\n- Update to version neutron-13.0.8.dev198:\n  * Remove dhcp\\_extra\\_opt name after first newline character\n\n- Update to version neutron-13.0.8.dev196:\n  * [L3] Use processing queue for network update events\n  * Add extra logs to the network update callback in L3 agent\n\n- Update to version neutron-13.0.8.dev192:\n  * Remove dhcp\\_extra\\_opt value after first newline character\n\n- Update to version neutron-13.0.8.dev190:\n  * Don\u0027t use singleton in routes.middleware.RoutesMiddleware\n\n- Update to version neutron-13.0.8.dev189:\n  * Fix notify listener syntax for SEGMENT\\_HOST\\_MAPPING\n\n- Update to version neutron-13.0.8.dev188:\n  * Clean port forwarding cache when router is DOWN\n\n- Update to version neutron-13.0.8.dev186:\n  * Remove FIP agent\u0027s gw port when L3 agent is deleted\n\n- Update to version neutron-13.0.8.dev184:\n  * Force to close http connection after notify about HA router status\n\n- Update to version neutron-13.0.8.dev183:\n  * Don\u0027t configure dnsmasq entries for \u0027network\u0027 ports\n\n- Update to version neutron-13.0.8.dev181:\n  * Exclude fallback tunnel devices from netns cleanup\n\n- Update to version neutron-13.0.8.dev180:\n  * [DVR] Send allowed address pairs info to the L3 agents\n  * designate: allow PTR zone creation to fail\n  * Don\u0027t try to create default SG when security groups are disabled\n\n- Update to version neutron-13.0.8.dev174:\n  * Fix update of trunk subports during live migration\n\n- Update to version neutron-13.0.8.dev172:\n  * [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses\n\n- Update to version neutron-13.0.8.dev170:\n  * Call install\\_ingress\\_direct\\_goto\\_flows() when ovs restarts\n\n- Update to version neutron-13.0.8.dev168:\n  * Fix multicast traffic with IGMP snooping enabled\n\n- Update to version neutron-13.0.8.dev166:\n  * Fix OVS conjunctive IP flows cleanup\n\nChanges in openstack-neutron:\n- Update to version neutron-13.0.8.dev206:\n  * Wait longer before deleting DPDK vhu trunk bridges\n\n- Update to version neutron-13.0.8.dev205:\n  * Do no use \u0027--strict\u0027 for OF deletion in TRANSIENT\\_TABLE\n\n- Update to version neutron-13.0.8.dev203:\n  * Populate self.floating\\_ips\\_dict using \u0027ip rule\u0027 information\n\n- Update to version neutron-13.0.8.dev201:\n  * [Functional] Wait for the initial state of ha router before test\n  * Don\u0027t setup bridge controller if it is already set\n\n- Update to version neutron-13.0.8.dev198:\n  * Remove dhcp\\_extra\\_opt name after first newline character\n\n- Update to version neutron-13.0.8.dev196:\n  * [L3] Use processing queue for network update events\n  * Add extra logs to the network update callback in L3 agent\n\n- Remove cve-2021-40085-stable-rocky.patch (merged upstream)\n\n- Update to version neutron-13.0.8.dev192:\n  * Remove dhcp\\_extra\\_opt value after first newline character\n\n- Update to version neutron-13.0.8.dev190:\n  * Don\u0027t use singleton in routes.middleware.RoutesMiddleware\n\n- Update to version neutron-13.0.8.dev189:\n  * Fix notify listener syntax for SEGMENT\\_HOST\\_MAPPING\n\n- Add cve-2021-40085-stable-rocky.patch (bsc#1189794, CVE-2021-40085) \n  * Remove dhcp_extra_opt value after first newline character\n\n- Update to version neutron-13.0.8.dev188:\n  * Clean port forwarding cache when router is DOWN\n\n- Update to version neutron-13.0.8.dev186:\n  * Remove FIP agent\u0027s gw port when L3 agent is deleted\n\n- Update to version neutron-13.0.8.dev184:\n  * Force to close http connection after notify about HA router status\n\n- Update to version neutron-13.0.8.dev183:\n  * Don\u0027t configure dnsmasq entries for \u0027network\u0027 ports\n\n- Update to version neutron-13.0.8.dev181:\n  * Exclude fallback tunnel devices from netns cleanup\n\n- Update to version neutron-13.0.8.dev180:\n  * [DVR] Send allowed address pairs info to the L3 agents\n  * designate: allow PTR zone creation to fail\n  * Don\u0027t try to create default SG when security groups are disabled\n\n- Update to version neutron-13.0.8.dev174:\n  * Fix update of trunk subports during live migration\n\n- Update to version neutron-13.0.8.dev172:\n  * [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses\n\n- Update to version neutron-13.0.8.dev170:\n  * Call install\\_ingress\\_direct\\_goto\\_flows() when ovs restarts\n\n- Update to version neutron-13.0.8.dev168:\n  * Fix multicast traffic with IGMP snooping enabled\n\n- Update to version neutron-13.0.8.dev166:\n  * Fix OVS conjunctive IP flows cleanup\n\nChanges in python-Pillow:\n- Add 030-CVE-2022-22817.patch\n   * From upstream, backported\n   * Fixes CVE-2022-22817, bsc#1194521 \n   * test from upstream updated for python2\n\n- Add 028-CVE-2022-22815.patch\n   * From upstream, backported\n   * Fixes CVE-2022-22815, bsc#1194552\n- Add 029-CVE-2022-22816.patch\n   * From upstream, backported\n   * Fixes CVE-2022-22816, bsc#1194551\n\nChanges in python-XStatic-jquery-ui:\n- Update to version 1.13.0.1 (bsc#1192070, CVE-2021-41182, bsc#1192073,\n  CVE-2021-41184, bsc#1192075,  CVE-2021-41183)\n    * Fix XSS in the altField option of the Datepicker widget \n     (CVE-2021-41182)\n    * Fix XSS in *Text options of the Datepicker widget\n     (CVE-2021-41183)\n    * Fix XSS in the of option of the .position() util\n      (CVE-2021-41184)\n    * Drop support for Query 1.7\n    * Accordion: allow function parameter for selecting header\n      elements\n    * Datepicker: add optional onUpdateDatepicker callback\n\nChanges in release-notes-suse-openstack-cloud:\n- Update to version 9.20220413:\n  * Update release notes to indicate support for SES7\n- Update to version 9.20220112:\n  * Add reference to keystone bcrypt issue to known limitations (bsc#1186380)\n\nChanges in rubygem-sinatra:\n- Add CVE-2022-29970.patch (bsc#1199138, CVE-2022-29970)\n\n  ",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2022-1729,SUSE-OpenStack-Cloud-9-2022-1729,SUSE-OpenStack-Cloud-Crowbar-9-2022-1729",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_1729-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2022:1729-1",
        "url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221729-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2022:1729-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-May/011075.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1118088",
        "url": "https://bugzilla.suse.com/1118088"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179534",
        "url": "https://bugzilla.suse.com/1179534"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1184177",
        "url": "https://bugzilla.suse.com/1184177"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1186380",
        "url": "https://bugzilla.suse.com/1186380"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1189390",
        "url": "https://bugzilla.suse.com/1189390"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1189794",
        "url": "https://bugzilla.suse.com/1189794"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1192070",
        "url": "https://bugzilla.suse.com/1192070"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1192073",
        "url": "https://bugzilla.suse.com/1192073"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1192075",
        "url": "https://bugzilla.suse.com/1192075"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1193597",
        "url": "https://bugzilla.suse.com/1193597"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1193688",
        "url": "https://bugzilla.suse.com/1193688"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1193752",
        "url": "https://bugzilla.suse.com/1193752"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1194521",
        "url": "https://bugzilla.suse.com/1194521"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1194551",
        "url": "https://bugzilla.suse.com/1194551"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1194552",
        "url": "https://bugzilla.suse.com/1194552"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1194952",
        "url": "https://bugzilla.suse.com/1194952"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1194954",
        "url": "https://bugzilla.suse.com/1194954"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1199138",
        "url": "https://bugzilla.suse.com/1199138"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-19787 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-19787/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-27783 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-27783/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-28957 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-28957/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-38155 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-38155/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-40085 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-40085/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-41182 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-41182/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-41183 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-41183/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-41184 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-41184/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-43813 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-43813/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-43818 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-43818/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-44716 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-44716/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-22815 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-22815/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-22816 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-22816/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-22817 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-22817/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-23451 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-23451/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-23452 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-23452/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-29970 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-29970/"
      }
    ],
    "title": "Security update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud",
    "tracking": {
      "current_release_date": "2022-05-18T14:55:52Z",
      "generator": {
        "date": "2022-05-18T14:55:52Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2022:1729-1",
      "initial_release_date": "2022-05-18T14:55:52Z",
      "revision_history": [
        {
          "date": "2022-05-18T14:55:52Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "grafana-6.7.4-3.26.1.aarch64",
                "product": {
                  "name": "grafana-6.7.4-3.26.1.aarch64",
                  "product_id": "grafana-6.7.4-3.26.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python-Pillow-5.2.0-3.17.1.aarch64",
                "product": {
                  "name": "python-Pillow-5.2.0-3.17.1.aarch64",
                  "product_id": "python-Pillow-5.2.0-3.17.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python-lxml-4.2.4-3.3.1.aarch64",
                "product": {
                  "name": "python-lxml-4.2.4-3.3.1.aarch64",
                  "product_id": "python-lxml-4.2.4-3.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python-lxml-devel-4.2.4-3.3.1.aarch64",
                "product": {
                  "name": "python-lxml-devel-4.2.4-3.3.1.aarch64",
                  "product_id": "python-lxml-devel-4.2.4-3.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python3-Pillow-5.2.0-3.17.1.aarch64",
                "product": {
                  "name": "python3-Pillow-5.2.0-3.17.1.aarch64",
                  "product_id": "python3-Pillow-5.2.0-3.17.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python3-lxml-4.2.4-3.3.1.aarch64",
                "product": {
                  "name": "python3-lxml-4.2.4-3.3.1.aarch64",
                  "product_id": "python3-lxml-4.2.4-3.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python3-lxml-devel-4.2.4-3.3.1.aarch64",
                "product": {
                  "name": "python3-lxml-devel-4.2.4-3.3.1.aarch64",
                  "product_id": "python3-lxml-devel-4.2.4-3.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.aarch64",
                "product": {
                  "name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.aarch64",
                  "product_id": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.aarch64",
                "product": {
                  "name": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.aarch64",
                  "product_id": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.aarch64",
                "product": {
                  "name": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.aarch64",
                  "product_id": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
                "product": {
                  "name": "ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
                  "product_id": "ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-barbican-7.0.1~dev24-3.14.1.noarch",
                "product": {
                  "name": "openstack-barbican-7.0.1~dev24-3.14.1.noarch",
                  "product_id": "openstack-barbican-7.0.1~dev24-3.14.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
                "product": {
                  "name": "openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
                  "product_id": "openstack-barbican-api-7.0.1~dev24-3.14.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
                "product": {
                  "name": "openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
                  "product_id": "openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
                "product": {
                  "name": "openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
                  "product_id": "openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-barbican-test-7.0.1~dev24-3.14.1.noarch",
                "product": {
                  "name": "openstack-barbican-test-7.0.1~dev24-3.14.1.noarch",
                  "product_id": "openstack-barbican-test-7.0.1~dev24-3.14.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
                "product": {
                  "name": "openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
                  "product_id": "openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-cinder-13.0.10~dev24-3.34.2.noarch",
                "product": {
                  "name": "openstack-cinder-13.0.10~dev24-3.34.2.noarch",
                  "product_id": "openstack-cinder-13.0.10~dev24-3.34.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
                "product": {
                  "name": "openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
                  "product_id": "openstack-cinder-api-13.0.10~dev24-3.34.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
                "product": {
                  "name": "openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
                  "product_id": "openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
                "product": {
                  "name": "openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
                  "product_id": "openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-cinder-test-13.0.10~dev24-3.34.2.noarch",
                "product": {
                  "name": "openstack-cinder-test-13.0.10~dev24-3.34.2.noarch",
                  "product_id": "openstack-cinder-test-13.0.10~dev24-3.34.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
                "product": {
                  "name": "openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
                  "product_id": "openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
                "product": {
                  "name": "openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
                  "product_id": "openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-heat-gbp-test-14.0.1~dev4-3.9.1.noarch",
                "product": {
                  "name": "openstack-heat-gbp-test-14.0.1~dev4-3.9.1.noarch",
                  "product_id": "openstack-heat-gbp-test-14.0.1~dev4-3.9.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
                "product": {
                  "name": "openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
                  "product_id": "openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-horizon-plugin-gbp-ui-test-14.0.1~dev3-3.9.1.noarch",
                "product": {
                  "name": "openstack-horizon-plugin-gbp-ui-test-14.0.1~dev3-3.9.1.noarch",
                  "product_id": "openstack-horizon-plugin-gbp-ui-test-14.0.1~dev3-3.9.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-ironic-11.1.5~dev18-3.28.2.noarch",
                "product": {
                  "name": "openstack-ironic-11.1.5~dev18-3.28.2.noarch",
                  "product_id": "openstack-ironic-11.1.5~dev18-3.28.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
                "product": {
                  "name": "openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
                  "product_id": "openstack-ironic-api-11.1.5~dev18-3.28.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
                "product": {
                  "name": "openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
                  "product_id": "openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-ironic-test-11.1.5~dev18-3.28.2.noarch",
                "product": {
                  "name": "openstack-ironic-test-11.1.5~dev18-3.28.2.noarch",
                  "product_id": "openstack-ironic-test-11.1.5~dev18-3.28.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-keystone-14.2.1~dev9-3.28.2.noarch",
                "product": {
                  "name": "openstack-keystone-14.2.1~dev9-3.28.2.noarch",
                  "product_id": "openstack-keystone-14.2.1~dev9-3.28.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-keystone-test-14.2.1~dev9-3.28.2.noarch",
                "product": {
                  "name": "openstack-keystone-test-14.2.1~dev9-3.28.2.noarch",
                  "product_id": "openstack-keystone-test-14.2.1~dev9-3.28.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-neutron-13.0.8~dev206-3.40.1.noarch",
                "product": {
                  "name": "openstack-neutron-13.0.8~dev206-3.40.1.noarch",
                  "product_id": "openstack-neutron-13.0.8~dev206-3.40.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
                "product": {
                  "name": "openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
                  "product_id": "openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
                "product": {
                  "name": "openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
                  "product_id": "openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-neutron-gbp-test-14.0.1~dev33-3.31.1.noarch",
                "product": {
                  "name": "openstack-neutron-gbp-test-14.0.1~dev33-3.31.1.noarch",
                  "product_id": "openstack-neutron-gbp-test-14.0.1~dev33-3.31.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
                "product": {
                  "name": "openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
                  "product_id": "openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
                "product": {
                  "name": "openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
                  "product_id": "openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
                "product": {
                  "name": "openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
                  "product_id": "openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
                "product": {
                  "name": "openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
                  "product_id": "openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
                "product": {
                  "name": "openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
                  "product_id": "openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
                "product": {
                  "name": "openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
                  "product_id": "openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
                "product": {
                  "name": "openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
                  "product_id": "openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
                "product": {
                  "name": "openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
                  "product_id": "openstack-neutron-server-13.0.8~dev206-3.40.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-neutron-test-13.0.8~dev206-3.40.1.noarch",
                "product": {
                  "name": "openstack-neutron-test-13.0.8~dev206-3.40.1.noarch",
                  "product_id": "openstack-neutron-test-13.0.8~dev206-3.40.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
                "product": {
                  "name": "python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
                  "product_id": "python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python-barbican-7.0.1~dev24-3.14.1.noarch",
                "product": {
                  "name": "python-barbican-7.0.1~dev24-3.14.1.noarch",
                  "product_id": "python-barbican-7.0.1~dev24-3.14.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python-cinder-13.0.10~dev24-3.34.2.noarch",
                "product": {
                  "name": "python-cinder-13.0.10~dev24-3.34.2.noarch",
                  "product_id": "python-cinder-13.0.10~dev24-3.34.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
                "product": {
                  "name": "python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
                  "product_id": "python-heat-gbp-14.0.1~dev4-3.9.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
                "product": {
                  "name": "python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
                  "product_id": "python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python-ironic-11.1.5~dev18-3.28.2.noarch",
                "product": {
                  "name": "python-ironic-11.1.5~dev18-3.28.2.noarch",
                  "product_id": "python-ironic-11.1.5~dev18-3.28.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python-keystone-14.2.1~dev9-3.28.2.noarch",
                "product": {
                  "name": "python-keystone-14.2.1~dev9-3.28.2.noarch",
                  "product_id": "python-keystone-14.2.1~dev9-3.28.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python-lxml-doc-4.2.4-3.3.1.noarch",
                "product": {
                  "name": "python-lxml-doc-4.2.4-3.3.1.noarch",
                  "product_id": "python-lxml-doc-4.2.4-3.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python-neutron-13.0.8~dev206-3.40.1.noarch",
                "product": {
                  "name": "python-neutron-13.0.8~dev206-3.40.1.noarch",
                  "product_id": "python-neutron-13.0.8~dev206-3.40.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
                "product": {
                  "name": "python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
                  "product_id": "python-neutron-gbp-14.0.1~dev33-3.31.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python3-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
                "product": {
                  "name": "python3-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
                  "product_id": "python3-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python3-lxml-doc-4.2.4-3.3.1.noarch",
                "product": {
                  "name": "python3-lxml-doc-4.2.4-3.3.1.noarch",
                  "product_id": "python3-lxml-doc-4.2.4-3.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
                "product": {
                  "name": "release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
                  "product_id": "release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
                "product": {
                  "name": "venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
                  "product_id": "venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
                "product": {
                  "name": "venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
                  "product_id": "venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
                "product": {
                  "name": "venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
                  "product_id": "venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
                "product": {
                  "name": "venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
                  "product_id": "venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
                "product": {
                  "name": "venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
                  "product_id": "venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
                "product": {
                  "name": "venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
                  "product_id": "venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
                "product": {
                  "name": "venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
                  "product_id": "venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
                "product": {
                  "name": "venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
                  "product_id": "venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
                "product": {
                  "name": "venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
                  "product_id": "venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
                "product": {
                  "name": "venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
                  "product_id": "venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
                "product": {
                  "name": "venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
                  "product_id": "venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
                "product": {
                  "name": "venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
                  "product_id": "venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
                "product": {
                  "name": "venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
                  "product_id": "venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
                "product": {
                  "name": "venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
                  "product_id": "venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
                "product": {
                  "name": "venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
                  "product_id": "venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
                "product": {
                  "name": "venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
                  "product_id": "venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
                "product": {
                  "name": "venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
                  "product_id": "venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "grafana-6.7.4-3.26.1.ppc64le",
                "product": {
                  "name": "grafana-6.7.4-3.26.1.ppc64le",
                  "product_id": "grafana-6.7.4-3.26.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python-Pillow-5.2.0-3.17.1.ppc64le",
                "product": {
                  "name": "python-Pillow-5.2.0-3.17.1.ppc64le",
                  "product_id": "python-Pillow-5.2.0-3.17.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python-lxml-4.2.4-3.3.1.ppc64le",
                "product": {
                  "name": "python-lxml-4.2.4-3.3.1.ppc64le",
                  "product_id": "python-lxml-4.2.4-3.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python-lxml-devel-4.2.4-3.3.1.ppc64le",
                "product": {
                  "name": "python-lxml-devel-4.2.4-3.3.1.ppc64le",
                  "product_id": "python-lxml-devel-4.2.4-3.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python3-Pillow-5.2.0-3.17.1.ppc64le",
                "product": {
                  "name": "python3-Pillow-5.2.0-3.17.1.ppc64le",
                  "product_id": "python3-Pillow-5.2.0-3.17.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python3-lxml-4.2.4-3.3.1.ppc64le",
                "product": {
                  "name": "python3-lxml-4.2.4-3.3.1.ppc64le",
                  "product_id": "python3-lxml-4.2.4-3.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python3-lxml-devel-4.2.4-3.3.1.ppc64le",
                "product": {
                  "name": "python3-lxml-devel-4.2.4-3.3.1.ppc64le",
                  "product_id": "python3-lxml-devel-4.2.4-3.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.ppc64le",
                "product": {
                  "name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.ppc64le",
                  "product_id": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.ppc64le",
                "product": {
                  "name": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.ppc64le",
                  "product_id": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.ppc64le",
                "product": {
                  "name": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.ppc64le",
                  "product_id": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "grafana-6.7.4-3.26.1.s390x",
                "product": {
                  "name": "grafana-6.7.4-3.26.1.s390x",
                  "product_id": "grafana-6.7.4-3.26.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python-Pillow-5.2.0-3.17.1.s390x",
                "product": {
                  "name": "python-Pillow-5.2.0-3.17.1.s390x",
                  "product_id": "python-Pillow-5.2.0-3.17.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python-lxml-4.2.4-3.3.1.s390x",
                "product": {
                  "name": "python-lxml-4.2.4-3.3.1.s390x",
                  "product_id": "python-lxml-4.2.4-3.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python-lxml-devel-4.2.4-3.3.1.s390x",
                "product": {
                  "name": "python-lxml-devel-4.2.4-3.3.1.s390x",
                  "product_id": "python-lxml-devel-4.2.4-3.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python3-Pillow-5.2.0-3.17.1.s390x",
                "product": {
                  "name": "python3-Pillow-5.2.0-3.17.1.s390x",
                  "product_id": "python3-Pillow-5.2.0-3.17.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python3-lxml-4.2.4-3.3.1.s390x",
                "product": {
                  "name": "python3-lxml-4.2.4-3.3.1.s390x",
                  "product_id": "python3-lxml-4.2.4-3.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python3-lxml-devel-4.2.4-3.3.1.s390x",
                "product": {
                  "name": "python3-lxml-devel-4.2.4-3.3.1.s390x",
                  "product_id": "python3-lxml-devel-4.2.4-3.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.s390x",
                "product": {
                  "name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.s390x",
                  "product_id": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.s390x",
                "product": {
                  "name": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.s390x",
                  "product_id": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.s390x",
                "product": {
                  "name": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.s390x",
                  "product_id": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "grafana-6.7.4-3.26.1.x86_64",
                "product": {
                  "name": "grafana-6.7.4-3.26.1.x86_64",
                  "product_id": "grafana-6.7.4-3.26.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python-Pillow-5.2.0-3.17.1.x86_64",
                "product": {
                  "name": "python-Pillow-5.2.0-3.17.1.x86_64",
                  "product_id": "python-Pillow-5.2.0-3.17.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python-lxml-4.2.4-3.3.1.x86_64",
                "product": {
                  "name": "python-lxml-4.2.4-3.3.1.x86_64",
                  "product_id": "python-lxml-4.2.4-3.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python-lxml-devel-4.2.4-3.3.1.x86_64",
                "product": {
                  "name": "python-lxml-devel-4.2.4-3.3.1.x86_64",
                  "product_id": "python-lxml-devel-4.2.4-3.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python3-Pillow-5.2.0-3.17.1.x86_64",
                "product": {
                  "name": "python3-Pillow-5.2.0-3.17.1.x86_64",
                  "product_id": "python3-Pillow-5.2.0-3.17.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python3-lxml-4.2.4-3.3.1.x86_64",
                "product": {
                  "name": "python3-lxml-4.2.4-3.3.1.x86_64",
                  "product_id": "python3-lxml-4.2.4-3.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python3-lxml-devel-4.2.4-3.3.1.x86_64",
                "product": {
                  "name": "python3-lxml-devel-4.2.4-3.3.1.x86_64",
                  "product_id": "python3-lxml-devel-4.2.4-3.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64",
                "product": {
                  "name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64",
                  "product_id": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.x86_64",
                "product": {
                  "name": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.x86_64",
                  "product_id": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.x86_64",
                "product": {
                  "name": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.x86_64",
                  "product_id": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud 9",
                "product": {
                  "name": "SUSE OpenStack Cloud 9",
                  "product_id": "SUSE OpenStack Cloud 9",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud:9"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud Crowbar 9",
                "product": {
                  "name": "SUSE OpenStack Cloud Crowbar 9",
                  "product_id": "SUSE OpenStack Cloud Crowbar 9",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch"
        },
        "product_reference": "ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grafana-6.7.4-3.26.1.x86_64 as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64"
        },
        "product_reference": "grafana-6.7.4-3.26.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-barbican-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch"
        },
        "product_reference": "openstack-barbican-7.0.1~dev24-3.14.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-barbican-api-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch"
        },
        "product_reference": "openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch"
        },
        "product_reference": "openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch"
        },
        "product_reference": "openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch"
        },
        "product_reference": "openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-cinder-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch"
        },
        "product_reference": "openstack-cinder-13.0.10~dev24-3.34.2.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-cinder-api-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch"
        },
        "product_reference": "openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch"
        },
        "product_reference": "openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch"
        },
        "product_reference": "openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch"
        },
        "product_reference": "openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch"
        },
        "product_reference": "openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch"
        },
        "product_reference": "openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-ironic-11.1.5~dev18-3.28.2.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch"
        },
        "product_reference": "openstack-ironic-11.1.5~dev18-3.28.2.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-ironic-api-11.1.5~dev18-3.28.2.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch"
        },
        "product_reference": "openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch"
        },
        "product_reference": "openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-keystone-14.2.1~dev9-3.28.2.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch"
        },
        "product_reference": "openstack-keystone-14.2.1~dev9-3.28.2.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-neutron-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch"
        },
        "product_reference": "openstack-neutron-13.0.8~dev206-3.40.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch"
        },
        "product_reference": "openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch"
        },
        "product_reference": "openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch"
        },
        "product_reference": "openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch"
        },
        "product_reference": "openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch"
        },
        "product_reference": "openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch"
        },
        "product_reference": "openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch"
        },
        "product_reference": "openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch"
        },
        "product_reference": "openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch"
        },
        "product_reference": "openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-neutron-server-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch"
        },
        "product_reference": "openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-Pillow-5.2.0-3.17.1.x86_64 as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64"
        },
        "product_reference": "python-Pillow-5.2.0-3.17.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch"
        },
        "product_reference": "python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-barbican-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch"
        },
        "product_reference": "python-barbican-7.0.1~dev24-3.14.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-cinder-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch"
        },
        "product_reference": "python-cinder-13.0.10~dev24-3.34.2.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-heat-gbp-14.0.1~dev4-3.9.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch"
        },
        "product_reference": "python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch"
        },
        "product_reference": "python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-ironic-11.1.5~dev18-3.28.2.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch"
        },
        "product_reference": "python-ironic-11.1.5~dev18-3.28.2.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-keystone-14.2.1~dev9-3.28.2.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch"
        },
        "product_reference": "python-keystone-14.2.1~dev9-3.28.2.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-lxml-4.2.4-3.3.1.x86_64 as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64"
        },
        "product_reference": "python-lxml-4.2.4-3.3.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-neutron-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch"
        },
        "product_reference": "python-neutron-13.0.8~dev206-3.40.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-neutron-gbp-14.0.1~dev33-3.31.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch"
        },
        "product_reference": "python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch"
        },
        "product_reference": "release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch"
        },
        "product_reference": "venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch"
        },
        "product_reference": "venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch"
        },
        "product_reference": "venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch"
        },
        "product_reference": "venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch"
        },
        "product_reference": "venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch"
        },
        "product_reference": "venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch"
        },
        "product_reference": "venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch"
        },
        "product_reference": "venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch"
        },
        "product_reference": "venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch"
        },
        "product_reference": "venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch"
        },
        "product_reference": "venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch"
        },
        "product_reference": "venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch"
        },
        "product_reference": "venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch"
        },
        "product_reference": "venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch"
        },
        "product_reference": "venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch"
        },
        "product_reference": "venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch"
        },
        "product_reference": "venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grafana-6.7.4-3.26.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64"
        },
        "product_reference": "grafana-6.7.4-3.26.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-barbican-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch"
        },
        "product_reference": "openstack-barbican-7.0.1~dev24-3.14.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-barbican-api-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch"
        },
        "product_reference": "openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch"
        },
        "product_reference": "openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch"
        },
        "product_reference": "openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch"
        },
        "product_reference": "openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-cinder-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch"
        },
        "product_reference": "openstack-cinder-13.0.10~dev24-3.34.2.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-cinder-api-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch"
        },
        "product_reference": "openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch"
        },
        "product_reference": "openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch"
        },
        "product_reference": "openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch"
        },
        "product_reference": "openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch"
        },
        "product_reference": "openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch"
        },
        "product_reference": "openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-ironic-11.1.5~dev18-3.28.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch"
        },
        "product_reference": "openstack-ironic-11.1.5~dev18-3.28.2.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-ironic-api-11.1.5~dev18-3.28.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch"
        },
        "product_reference": "openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch"
        },
        "product_reference": "openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-keystone-14.2.1~dev9-3.28.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch"
        },
        "product_reference": "openstack-keystone-14.2.1~dev9-3.28.2.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-neutron-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch"
        },
        "product_reference": "openstack-neutron-13.0.8~dev206-3.40.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch"
        },
        "product_reference": "openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch"
        },
        "product_reference": "openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch"
        },
        "product_reference": "openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch"
        },
        "product_reference": "openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch"
        },
        "product_reference": "openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch"
        },
        "product_reference": "openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch"
        },
        "product_reference": "openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch"
        },
        "product_reference": "openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch"
        },
        "product_reference": "openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-neutron-server-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch"
        },
        "product_reference": "openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-Pillow-5.2.0-3.17.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64"
        },
        "product_reference": "python-Pillow-5.2.0-3.17.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch"
        },
        "product_reference": "python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-barbican-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch"
        },
        "product_reference": "python-barbican-7.0.1~dev24-3.14.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-cinder-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch"
        },
        "product_reference": "python-cinder-13.0.10~dev24-3.34.2.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-heat-gbp-14.0.1~dev4-3.9.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch"
        },
        "product_reference": "python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch"
        },
        "product_reference": "python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-ironic-11.1.5~dev18-3.28.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch"
        },
        "product_reference": "python-ironic-11.1.5~dev18-3.28.2.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-keystone-14.2.1~dev9-3.28.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch"
        },
        "product_reference": "python-keystone-14.2.1~dev9-3.28.2.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-lxml-4.2.4-3.3.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64"
        },
        "product_reference": "python-lxml-4.2.4-3.3.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-neutron-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch"
        },
        "product_reference": "python-neutron-13.0.8~dev206-3.40.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-neutron-gbp-14.0.1~dev33-3.31.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch"
        },
        "product_reference": "python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch"
        },
        "product_reference": "release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
        },
        "product_reference": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-19787",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-19787"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by \"j a v a s c r i p t:\" in Internet Explorer. This is a similar issue to CVE-2014-3146.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
          "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-19787",
          "url": "https://www.suse.com/security/cve/CVE-2018-19787"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1118088 for CVE-2018-19787",
          "url": "https://bugzilla.suse.com/1118088"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-05-18T14:55:52Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-19787"
    },
    {
      "cve": "CVE-2020-27783",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-27783"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A XSS vulnerability was discovered in python-lxml\u0027s clean module. The module\u0027s parser didn\u0027t properly imitate browsers, which caused different behaviors between the sanitizer and the user\u0027s page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
          "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-27783",
          "url": "https://www.suse.com/security/cve/CVE-2020-27783"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179534 for CVE-2020-27783",
          "url": "https://bugzilla.suse.com/1179534"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-05-18T14:55:52Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-27783"
    },
    {
      "cve": "CVE-2021-28957",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-28957"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An XSS vulnerability was discovered in python-lxml\u0027s clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
          "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-28957",
          "url": "https://www.suse.com/security/cve/CVE-2021-28957"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1184177 for CVE-2021-28957",
          "url": "https://bugzilla.suse.com/1184177"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-05-18T14:55:52Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-28957"
    },
    {
      "cve": "CVE-2021-38155",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-38155"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, any unauthenticated actor could both confirm the account exists and obtain that account\u0027s corresponding UUID, which might be leveraged for other unrelated attacks. All deployments enabling security_compliance.lockout_failure_attempts are affected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
          "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-38155",
          "url": "https://www.suse.com/security/cve/CVE-2021-38155"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1189390 for CVE-2021-38155",
          "url": "https://bugzilla.suse.com/1189390"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-05-18T14:55:52Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-38155"
    },
    {
      "cve": "CVE-2021-40085",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-40085"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
          "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-40085",
          "url": "https://www.suse.com/security/cve/CVE-2021-40085"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1189794 for CVE-2021-40085",
          "url": "https://bugzilla.suse.com/1189794"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-05-18T14:55:52Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-40085"
    },
    {
      "cve": "CVE-2021-41182",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-41182"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
          "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-41182",
          "url": "https://www.suse.com/security/cve/CVE-2021-41182"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1192070 for CVE-2021-41182",
          "url": "https://bugzilla.suse.com/1192070"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-05-18T14:55:52Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-41182"
    },
    {
      "cve": "CVE-2021-41183",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-41183"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
          "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-41183",
          "url": "https://www.suse.com/security/cve/CVE-2021-41183"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1192075 for CVE-2021-41183",
          "url": "https://bugzilla.suse.com/1192075"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-05-18T14:55:52Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-41183"
    },
    {
      "cve": "CVE-2021-41184",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-41184"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
          "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-41184",
          "url": "https://www.suse.com/security/cve/CVE-2021-41184"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1192073 for CVE-2021-41184",
          "url": "https://bugzilla.suse.com/1192073"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-05-18T14:55:52Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-41184"
    },
    {
      "cve": "CVE-2021-43813",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-43813"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
          "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-43813",
          "url": "https://www.suse.com/security/cve/CVE-2021-43813"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1193686 for CVE-2021-43813",
          "url": "https://bugzilla.suse.com/1193686"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1193688 for CVE-2021-43813",
          "url": "https://bugzilla.suse.com/1193688"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-05-18T14:55:52Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-43813"
    },
    {
      "cve": "CVE-2021-43818",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-43818"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
          "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-43818",
          "url": "https://www.suse.com/security/cve/CVE-2021-43818"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1193752 for CVE-2021-43818",
          "url": "https://bugzilla.suse.com/1193752"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-05-18T14:55:52Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-43818"
    },
    {
      "cve": "CVE-2021-44716",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-44716"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
          "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-44716",
          "url": "https://www.suse.com/security/cve/CVE-2021-44716"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1193597 for CVE-2021-44716",
          "url": "https://bugzilla.suse.com/1193597"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-05-18T14:55:52Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-44716"
    },
    {
      "cve": "CVE-2022-22815",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-22815"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
          "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-22815",
          "url": "https://www.suse.com/security/cve/CVE-2022-22815"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1194552 for CVE-2022-22815",
          "url": "https://bugzilla.suse.com/1194552"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-05-18T14:55:52Z",
          "details": "low"
        }
      ],
      "title": "CVE-2022-22815"
    },
    {
      "cve": "CVE-2022-22816",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-22816"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
          "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-22816",
          "url": "https://www.suse.com/security/cve/CVE-2022-22816"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1194551 for CVE-2022-22816",
          "url": "https://bugzilla.suse.com/1194551"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-05-18T14:55:52Z",
          "details": "low"
        }
      ],
      "title": "CVE-2022-22816"
    },
    {
      "cve": "CVE-2022-22817",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-22817"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
          "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-22817",
          "url": "https://www.suse.com/security/cve/CVE-2022-22817"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1194521 for CVE-2022-22817",
          "url": "https://bugzilla.suse.com/1194521"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1219048 for CVE-2022-22817",
          "url": "https://bugzilla.suse.com/1219048"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-05-18T14:55:52Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-22817"
    },
    {
      "cve": "CVE-2022-23451",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-23451"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
          "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-23451",
          "url": "https://www.suse.com/security/cve/CVE-2022-23451"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1194952 for CVE-2022-23451",
          "url": "https://bugzilla.suse.com/1194952"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-05-18T14:55:52Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-23451"
    },
    {
      "cve": "CVE-2022-23452",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-23452"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
          "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-23452",
          "url": "https://www.suse.com/security/cve/CVE-2022-23452"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1194954 for CVE-2022-23452",
          "url": "https://bugzilla.suse.com/1194954"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-05-18T14:55:52Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-23452"
    },
    {
      "cve": "CVE-2022-29970",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-29970"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
          "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
          "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
          "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-29970",
          "url": "https://www.suse.com/security/cve/CVE-2022-29970"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1199138 for CVE-2022-29970",
          "url": "https://bugzilla.suse.com/1199138"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
            "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
            "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
            "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-05-18T14:55:52Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-29970"
    }
  ]
}

SUSE-SU-2022:3338-1

Vulnerability from csaf_suse - Published: 2022-09-22 14:15 - Updated: 2022-09-22 14:15

Summary

Security update for ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, python-Django, rabbitmq-server, rubygem-puma

Severity

Moderate

Notes

Title of the patch: Security update for ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, python-Django, rabbitmq-server, rubygem-puma

Description of the patch: This update for ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, python-Django, rabbitmq-server, rubygem-puma fixes the following issues: Security updates included on this update: ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, rabbitmq-server: - CVE-2020-1734: Fixed vulnerability where shell was enabled by default in a pipe lookup plugin subprocess. (SOC-11662, bnc#1164139) - CVE-2021-44716: Fixed uncontrolled memory consumption in go's net/http. (bsc#1193597) - CVE-2019-11287: Fixed DoS via 'X-Reason' HTTP Header in malicious Erlang format string. (bsc#1157665) grafana: - CVE-2021-39226: Fixed snapshot authentication bypass (bsc#1191454). - CVE-2021-44716: Fixed uncontrolled memory consumption in go's net/http (bsc#1193597). python-Django: - CVE-2022-28346: Fixed vulnerability that could lead to SQL injection in QuerySet.annotate(),aggregate() and extra(). (bsc#1198398) - CVE-2022-34265: Fixed vulnerability that could lead to SQL injection via Trunc(kind) and Extract(lookup_name) arguments. (bsc#1201186) rubygem puma: - CVE-2022-24790: Fixed HTTP request smuggling vulnerability. (bsc#1197818) Additional information about the this update: Changes in ardana-ansible: - Update to version 8.0+git.1660773729.3789a6d: * Mitigate CVE-2020-1734 (SOC-11662) Changes in ardana-cobbler: - Update to version 8.0+git.1660773402.d845a45: * Mitigate CVE-2020-1734 (SOC-11662) Changes in grafana: - Add CVE-2021-39226 patch (bsc#1191454, CVE-2021-39226) * snapshot authentication bypass - Bump Go to 1.16 (bsc#1193597, CVE-2021-44716) * Fix Go net/http: limit growth of header canonicalization cache. Changes in openstack-heat-templates: - Update to version 0.0.0+git.1654529662.75fa04a: * doc: Comment out language option Changes in openstack-murano: - Update to version murano-4.0.2.dev3: * [stable-only] Remove periodic-stable-jobs template Changes in openstack-murano: - Update to version murano-4.0.2.dev3: * [stable-only] Remove periodic-stable-jobs template Changes in rabbitmq-server: - add explanation-format patch to fix CVE-2019-11287 (bsc#1157665) Changes in python-Django: - Rename Django-1.11.29.tar.gz.asc to Django-1.11.29.tar.gz.checksums.txt to avoid source_validator incorrectly trying to use it as a detached signature file for the sources tarball. - Remove unnecessary project.diff file. - Add CVE-2022-28346 patch (bsc#1198398, CVE-2022-28346) * Potential SQL injection in QuerySet.annotate(),aggregate() and extra() - Add CVE-2022-34265 patch (bsc#1201186, CVE-2022-34265) * SQL injection via Trunc(kind) and Extract(lookup_name) arguments Changes in rubygem-puma: - Add CVE-2022-24790: Fixed HTTP request smuggling vulnerability (bsc#1197818).

Patchnames: HPE-Helion-OpenStack-8-2022-3338,SUSE-2022-3338,SUSE-OpenStack-Cloud-8-2022-3338,SUSE-OpenStack-Cloud-Crowbar-8-2022-3338

CVE-2019-11287

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 41 products

Product	Version	Remediation
Unresolved product id: HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-1734

7.4 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L

Affected products

Recommended 41 products

Product	Version	Remediation
Unresolved product id: HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2021-39226

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected products

Recommended 41 products

Product	Version	Remediation
Unresolved product id: HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2021-44716

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 41 products

Product	Version	Remediation
Unresolved product id: HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-24790

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products

Recommended 41 products

Product	Version	Remediation
Unresolved product id: HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-28346

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected products

Recommended 41 products

Product	Version	Remediation
Unresolved product id: HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-34265

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 41 products

Product	Version	Remediation
Unresolved product id: HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch	—	Vendor Fix
Unresolved product id: HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64	—	Vendor Fix

Threats

Impact important

References

31 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1157665	self
https://bugzilla.suse.com/1191454	self
https://bugzilla.suse.com/1193597	self
https://bugzilla.suse.com/1197818	self
https://bugzilla.suse.com/1198398	self
https://bugzilla.suse.com/1201186	self
https://www.suse.com/security/cve/CVE-2019-11287/	self
https://www.suse.com/security/cve/CVE-2020-1734/	self
https://www.suse.com/security/cve/CVE-2021-39226/	self
https://www.suse.com/security/cve/CVE-2021-44716/	self
https://www.suse.com/security/cve/CVE-2022-24790/	self
https://www.suse.com/security/cve/CVE-2022-28346/	self
https://www.suse.com/security/cve/CVE-2022-34265/	self
https://www.suse.com/security/cve/CVE-2019-11287	external
https://bugzilla.suse.com/1157665	external
https://www.suse.com/security/cve/CVE-2020-1734	external
https://bugzilla.suse.com/1164139	external
https://www.suse.com/security/cve/CVE-2021-39226	external
https://bugzilla.suse.com/1191454	external
https://www.suse.com/security/cve/CVE-2021-44716	external
https://bugzilla.suse.com/1193597	external
https://www.suse.com/security/cve/CVE-2022-24790	external
https://bugzilla.suse.com/1197818	external
https://www.suse.com/security/cve/CVE-2022-28346	external
https://bugzilla.suse.com/1198398	external
https://www.suse.com/security/cve/CVE-2022-34265	external
https://bugzilla.suse.com/1201186	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, python-Django, rabbitmq-server, rubygem-puma",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, python-Django, rabbitmq-server, rubygem-puma fixes the following issues:\n\nSecurity updates included on this update:\n\nardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, rabbitmq-server:\n- CVE-2020-1734: Fixed vulnerability where shell was enabled by default in a pipe lookup plugin subprocess. (SOC-11662, bnc#1164139)\n- CVE-2021-44716: Fixed uncontrolled memory consumption in go\u0027s net/http. (bsc#1193597)\n- CVE-2019-11287: Fixed DoS via \u0027X-Reason\u0027 HTTP Header in malicious Erlang format string. (bsc#1157665)\n\ngrafana:\n- CVE-2021-39226: Fixed snapshot authentication bypass (bsc#1191454).\n- CVE-2021-44716: Fixed uncontrolled memory consumption in go\u0027s net/http (bsc#1193597).\n\npython-Django:\n- CVE-2022-28346: Fixed vulnerability that could lead to SQL injection in QuerySet.annotate(),aggregate() and extra(). (bsc#1198398)\n- CVE-2022-34265: Fixed vulnerability that could lead to SQL injection via Trunc(kind) and Extract(lookup_name) arguments. (bsc#1201186)\n\nrubygem puma:\n- CVE-2022-24790: Fixed HTTP request smuggling vulnerability. (bsc#1197818)\n\nAdditional information about the this update:\n\nChanges in ardana-ansible:\n- Update to version 8.0+git.1660773729.3789a6d:\n  * Mitigate CVE-2020-1734 (SOC-11662)\n\nChanges in ardana-cobbler:\n- Update to version 8.0+git.1660773402.d845a45:\n  * Mitigate CVE-2020-1734 (SOC-11662)\n\nChanges in grafana:\n- Add CVE-2021-39226 patch (bsc#1191454, CVE-2021-39226)\n  * snapshot authentication bypass\n\n- Bump Go to 1.16 (bsc#1193597, CVE-2021-44716)\n  * Fix Go net/http: limit growth of header canonicalization cache.\n\nChanges in openstack-heat-templates:\n- Update to version 0.0.0+git.1654529662.75fa04a:\n  * doc: Comment out language option\n\nChanges in openstack-murano:\n- Update to version murano-4.0.2.dev3:\n  * [stable-only] Remove periodic-stable-jobs template\n\nChanges in openstack-murano:\n- Update to version murano-4.0.2.dev3:\n  * [stable-only] Remove periodic-stable-jobs template\n\nChanges in rabbitmq-server:\n- add explanation-format patch to fix CVE-2019-11287 (bsc#1157665)\n\nChanges in python-Django:\n- Rename Django-1.11.29.tar.gz.asc to Django-1.11.29.tar.gz.checksums.txt\n  to avoid source_validator incorrectly trying to use it as a detached\n  signature file for the sources tarball.\n- Remove unnecessary project.diff file.\n\n- Add CVE-2022-28346 patch (bsc#1198398, CVE-2022-28346)\n    * Potential SQL injection in QuerySet.annotate(),aggregate() and extra()\n- Add CVE-2022-34265 patch (bsc#1201186, CVE-2022-34265)\n    * SQL injection via Trunc(kind) and Extract(lookup_name) arguments\n\nChanges in rubygem-puma:\n- Add CVE-2022-24790: Fixed HTTP request smuggling vulnerability (bsc#1197818).\n\n  ",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "HPE-Helion-OpenStack-8-2022-3338,SUSE-2022-3338,SUSE-OpenStack-Cloud-8-2022-3338,SUSE-OpenStack-Cloud-Crowbar-8-2022-3338",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3338-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2022:3338-1",
        "url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223338-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2022:3338-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012332.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1157665",
        "url": "https://bugzilla.suse.com/1157665"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1191454",
        "url": "https://bugzilla.suse.com/1191454"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1193597",
        "url": "https://bugzilla.suse.com/1193597"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1197818",
        "url": "https://bugzilla.suse.com/1197818"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1198398",
        "url": "https://bugzilla.suse.com/1198398"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201186",
        "url": "https://bugzilla.suse.com/1201186"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-11287 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-11287/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-1734 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-1734/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-39226 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-39226/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-44716 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-44716/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-24790 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-24790/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-28346 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-28346/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-34265 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-34265/"
      }
    ],
    "title": "Security update for ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, python-Django, rabbitmq-server, rubygem-puma",
    "tracking": {
      "current_release_date": "2022-09-22T14:15:54Z",
      "generator": {
        "date": "2022-09-22T14:15:54Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2022:3338-1",
      "initial_release_date": "2022-09-22T14:15:54Z",
      "revision_history": [
        {
          "date": "2022-09-22T14:15:54Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "erlang-rabbitmq-client-3.6.16-3.13.1.aarch64",
                "product": {
                  "name": "erlang-rabbitmq-client-3.6.16-3.13.1.aarch64",
                  "product_id": "erlang-rabbitmq-client-3.6.16-3.13.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "grafana-6.7.4-4.23.1.aarch64",
                "product": {
                  "name": "grafana-6.7.4-4.23.1.aarch64",
                  "product_id": "grafana-6.7.4-4.23.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "rabbitmq-server-3.6.16-3.13.1.aarch64",
                "product": {
                  "name": "rabbitmq-server-3.6.16-3.13.1.aarch64",
                  "product_id": "rabbitmq-server-3.6.16-3.13.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "rabbitmq-server-plugins-3.6.16-3.13.1.aarch64",
                "product": {
                  "name": "rabbitmq-server-plugins-3.6.16-3.13.1.aarch64",
                  "product_id": "rabbitmq-server-plugins-3.6.16-3.13.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-puma-2.16.0-3.18.1.aarch64",
                "product": {
                  "name": "ruby2.1-rubygem-puma-2.16.0-3.18.1.aarch64",
                  "product_id": "ruby2.1-rubygem-puma-2.16.0-3.18.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.aarch64",
                "product": {
                  "name": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.aarch64",
                  "product_id": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
                "product": {
                  "name": "ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
                  "product_id": "ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
                "product": {
                  "name": "ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
                  "product_id": "ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
                "product": {
                  "name": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
                  "product_id": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-murano-4.0.2~dev3-3.12.1.noarch",
                "product": {
                  "name": "openstack-murano-4.0.2~dev3-3.12.1.noarch",
                  "product_id": "openstack-murano-4.0.2~dev3-3.12.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
                "product": {
                  "name": "openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
                  "product_id": "openstack-murano-api-4.0.2~dev3-3.12.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
                "product": {
                  "name": "openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
                  "product_id": "openstack-murano-doc-4.0.2~dev3-3.12.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
                "product": {
                  "name": "openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
                  "product_id": "openstack-murano-engine-4.0.2~dev3-3.12.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python-Django-1.11.29-3.42.1.noarch",
                "product": {
                  "name": "python-Django-1.11.29-3.42.1.noarch",
                  "product_id": "python-Django-1.11.29-3.42.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python-murano-4.0.2~dev3-3.12.1.noarch",
                "product": {
                  "name": "python-murano-4.0.2~dev3-3.12.1.noarch",
                  "product_id": "python-murano-4.0.2~dev3-3.12.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
                "product": {
                  "name": "venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
                  "product_id": "venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
                "product": {
                  "name": "venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
                  "product_id": "venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
                "product": {
                  "name": "venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
                  "product_id": "venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "openstack-murano-test-4.0.2~dev3-3.12.1.noarch",
                "product": {
                  "name": "openstack-murano-test-4.0.2~dev3-3.12.1.noarch",
                  "product_id": "openstack-murano-test-4.0.2~dev3-3.12.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python3-Django-1.11.29-3.42.1.noarch",
                "product": {
                  "name": "python3-Django-1.11.29-3.42.1.noarch",
                  "product_id": "python3-Django-1.11.29-3.42.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
                "product": {
                  "name": "venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
                  "product_id": "venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "erlang-rabbitmq-client-3.6.16-3.13.1.ppc64le",
                "product": {
                  "name": "erlang-rabbitmq-client-3.6.16-3.13.1.ppc64le",
                  "product_id": "erlang-rabbitmq-client-3.6.16-3.13.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "grafana-6.7.4-4.23.1.ppc64le",
                "product": {
                  "name": "grafana-6.7.4-4.23.1.ppc64le",
                  "product_id": "grafana-6.7.4-4.23.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "rabbitmq-server-3.6.16-3.13.1.ppc64le",
                "product": {
                  "name": "rabbitmq-server-3.6.16-3.13.1.ppc64le",
                  "product_id": "rabbitmq-server-3.6.16-3.13.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "rabbitmq-server-plugins-3.6.16-3.13.1.ppc64le",
                "product": {
                  "name": "rabbitmq-server-plugins-3.6.16-3.13.1.ppc64le",
                  "product_id": "rabbitmq-server-plugins-3.6.16-3.13.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-puma-2.16.0-3.18.1.ppc64le",
                "product": {
                  "name": "ruby2.1-rubygem-puma-2.16.0-3.18.1.ppc64le",
                  "product_id": "ruby2.1-rubygem-puma-2.16.0-3.18.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.ppc64le",
                "product": {
                  "name": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.ppc64le",
                  "product_id": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "erlang-rabbitmq-client-3.6.16-3.13.1.s390x",
                "product": {
                  "name": "erlang-rabbitmq-client-3.6.16-3.13.1.s390x",
                  "product_id": "erlang-rabbitmq-client-3.6.16-3.13.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "grafana-6.7.4-4.23.1.s390x",
                "product": {
                  "name": "grafana-6.7.4-4.23.1.s390x",
                  "product_id": "grafana-6.7.4-4.23.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "rabbitmq-server-3.6.16-3.13.1.s390x",
                "product": {
                  "name": "rabbitmq-server-3.6.16-3.13.1.s390x",
                  "product_id": "rabbitmq-server-3.6.16-3.13.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "rabbitmq-server-plugins-3.6.16-3.13.1.s390x",
                "product": {
                  "name": "rabbitmq-server-plugins-3.6.16-3.13.1.s390x",
                  "product_id": "rabbitmq-server-plugins-3.6.16-3.13.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-puma-2.16.0-3.18.1.s390x",
                "product": {
                  "name": "ruby2.1-rubygem-puma-2.16.0-3.18.1.s390x",
                  "product_id": "ruby2.1-rubygem-puma-2.16.0-3.18.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.s390x",
                "product": {
                  "name": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.s390x",
                  "product_id": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "grafana-6.7.4-4.23.1.x86_64",
                "product": {
                  "name": "grafana-6.7.4-4.23.1.x86_64",
                  "product_id": "grafana-6.7.4-4.23.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "rabbitmq-server-3.6.16-3.13.1.x86_64",
                "product": {
                  "name": "rabbitmq-server-3.6.16-3.13.1.x86_64",
                  "product_id": "rabbitmq-server-3.6.16-3.13.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
                "product": {
                  "name": "rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
                  "product_id": "rabbitmq-server-plugins-3.6.16-3.13.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "erlang-rabbitmq-client-3.6.16-3.13.1.x86_64",
                "product": {
                  "name": "erlang-rabbitmq-client-3.6.16-3.13.1.x86_64",
                  "product_id": "erlang-rabbitmq-client-3.6.16-3.13.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64",
                "product": {
                  "name": "ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64",
                  "product_id": "ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.x86_64",
                "product": {
                  "name": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.x86_64",
                  "product_id": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "HPE Helion OpenStack 8",
                "product": {
                  "name": "HPE Helion OpenStack 8",
                  "product_id": "HPE Helion OpenStack 8",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:hpe-helion-openstack:8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud 8",
                "product": {
                  "name": "SUSE OpenStack Cloud 8",
                  "product_id": "SUSE OpenStack Cloud 8",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud:8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud Crowbar 8",
                "product": {
                  "name": "SUSE OpenStack Cloud Crowbar 8",
                  "product_id": "SUSE OpenStack Cloud Crowbar 8",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch as component of HPE Helion OpenStack 8",
          "product_id": "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch"
        },
        "product_reference": "ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
        "relates_to_product_reference": "HPE Helion OpenStack 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch as component of HPE Helion OpenStack 8",
          "product_id": "HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch"
        },
        "product_reference": "ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
        "relates_to_product_reference": "HPE Helion OpenStack 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grafana-6.7.4-4.23.1.x86_64 as component of HPE Helion OpenStack 8",
          "product_id": "HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64"
        },
        "product_reference": "grafana-6.7.4-4.23.1.x86_64",
        "relates_to_product_reference": "HPE Helion OpenStack 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch as component of HPE Helion OpenStack 8",
          "product_id": "HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch"
        },
        "product_reference": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
        "relates_to_product_reference": "HPE Helion OpenStack 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-murano-4.0.2~dev3-3.12.1.noarch as component of HPE Helion OpenStack 8",
          "product_id": "HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch"
        },
        "product_reference": "openstack-murano-4.0.2~dev3-3.12.1.noarch",
        "relates_to_product_reference": "HPE Helion OpenStack 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-murano-api-4.0.2~dev3-3.12.1.noarch as component of HPE Helion OpenStack 8",
          "product_id": "HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch"
        },
        "product_reference": "openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
        "relates_to_product_reference": "HPE Helion OpenStack 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-murano-doc-4.0.2~dev3-3.12.1.noarch as component of HPE Helion OpenStack 8",
          "product_id": "HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch"
        },
        "product_reference": "openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
        "relates_to_product_reference": "HPE Helion OpenStack 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-murano-engine-4.0.2~dev3-3.12.1.noarch as component of HPE Helion OpenStack 8",
          "product_id": "HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch"
        },
        "product_reference": "openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
        "relates_to_product_reference": "HPE Helion OpenStack 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-Django-1.11.29-3.42.1.noarch as component of HPE Helion OpenStack 8",
          "product_id": "HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch"
        },
        "product_reference": "python-Django-1.11.29-3.42.1.noarch",
        "relates_to_product_reference": "HPE Helion OpenStack 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-murano-4.0.2~dev3-3.12.1.noarch as component of HPE Helion OpenStack 8",
          "product_id": "HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch"
        },
        "product_reference": "python-murano-4.0.2~dev3-3.12.1.noarch",
        "relates_to_product_reference": "HPE Helion OpenStack 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rabbitmq-server-3.6.16-3.13.1.x86_64 as component of HPE Helion OpenStack 8",
          "product_id": "HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64"
        },
        "product_reference": "rabbitmq-server-3.6.16-3.13.1.x86_64",
        "relates_to_product_reference": "HPE Helion OpenStack 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rabbitmq-server-plugins-3.6.16-3.13.1.x86_64 as component of HPE Helion OpenStack 8",
          "product_id": "HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64"
        },
        "product_reference": "rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
        "relates_to_product_reference": "HPE Helion OpenStack 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch as component of HPE Helion OpenStack 8",
          "product_id": "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch"
        },
        "product_reference": "venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
        "relates_to_product_reference": "HPE Helion OpenStack 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch as component of HPE Helion OpenStack 8",
          "product_id": "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch"
        },
        "product_reference": "venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
        "relates_to_product_reference": "HPE Helion OpenStack 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch as component of HPE Helion OpenStack 8",
          "product_id": "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch"
        },
        "product_reference": "venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
        "relates_to_product_reference": "HPE Helion OpenStack 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch as component of SUSE OpenStack Cloud 8",
          "product_id": "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch"
        },
        "product_reference": "ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch as component of SUSE OpenStack Cloud 8",
          "product_id": "SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch"
        },
        "product_reference": "ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grafana-6.7.4-4.23.1.x86_64 as component of SUSE OpenStack Cloud 8",
          "product_id": "SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64"
        },
        "product_reference": "grafana-6.7.4-4.23.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch as component of SUSE OpenStack Cloud 8",
          "product_id": "SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch"
        },
        "product_reference": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-murano-4.0.2~dev3-3.12.1.noarch as component of SUSE OpenStack Cloud 8",
          "product_id": "SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch"
        },
        "product_reference": "openstack-murano-4.0.2~dev3-3.12.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-murano-api-4.0.2~dev3-3.12.1.noarch as component of SUSE OpenStack Cloud 8",
          "product_id": "SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch"
        },
        "product_reference": "openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-murano-doc-4.0.2~dev3-3.12.1.noarch as component of SUSE OpenStack Cloud 8",
          "product_id": "SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch"
        },
        "product_reference": "openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-murano-engine-4.0.2~dev3-3.12.1.noarch as component of SUSE OpenStack Cloud 8",
          "product_id": "SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch"
        },
        "product_reference": "openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-Django-1.11.29-3.42.1.noarch as component of SUSE OpenStack Cloud 8",
          "product_id": "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch"
        },
        "product_reference": "python-Django-1.11.29-3.42.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-murano-4.0.2~dev3-3.12.1.noarch as component of SUSE OpenStack Cloud 8",
          "product_id": "SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch"
        },
        "product_reference": "python-murano-4.0.2~dev3-3.12.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rabbitmq-server-3.6.16-3.13.1.x86_64 as component of SUSE OpenStack Cloud 8",
          "product_id": "SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64"
        },
        "product_reference": "rabbitmq-server-3.6.16-3.13.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rabbitmq-server-plugins-3.6.16-3.13.1.x86_64 as component of SUSE OpenStack Cloud 8",
          "product_id": "SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64"
        },
        "product_reference": "rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch as component of SUSE OpenStack Cloud 8",
          "product_id": "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch"
        },
        "product_reference": "venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch as component of SUSE OpenStack Cloud 8",
          "product_id": "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch"
        },
        "product_reference": "venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch as component of SUSE OpenStack Cloud 8",
          "product_id": "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch"
        },
        "product_reference": "venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grafana-6.7.4-4.23.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
          "product_id": "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64"
        },
        "product_reference": "grafana-6.7.4-4.23.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
          "product_id": "SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch"
        },
        "product_reference": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-murano-4.0.2~dev3-3.12.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
          "product_id": "SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch"
        },
        "product_reference": "openstack-murano-4.0.2~dev3-3.12.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-murano-api-4.0.2~dev3-3.12.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
          "product_id": "SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch"
        },
        "product_reference": "openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-murano-doc-4.0.2~dev3-3.12.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
          "product_id": "SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch"
        },
        "product_reference": "openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-murano-engine-4.0.2~dev3-3.12.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
          "product_id": "SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch"
        },
        "product_reference": "openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-Django-1.11.29-3.42.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
          "product_id": "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch"
        },
        "product_reference": "python-Django-1.11.29-3.42.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-murano-4.0.2~dev3-3.12.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
          "product_id": "SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch"
        },
        "product_reference": "python-murano-4.0.2~dev3-3.12.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rabbitmq-server-3.6.16-3.13.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
          "product_id": "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64"
        },
        "product_reference": "rabbitmq-server-3.6.16-3.13.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rabbitmq-server-plugins-3.6.16-3.13.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
          "product_id": "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64"
        },
        "product_reference": "rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
          "product_id": "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
        },
        "product_reference": "ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-11287",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-11287"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The \"X-Reason\" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
          "HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
          "HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
          "HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
          "HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
          "HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
          "HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
          "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
          "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
          "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
          "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
          "SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
          "SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
          "SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
          "SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
          "SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
          "SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
          "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
          "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
          "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-11287",
          "url": "https://www.suse.com/security/cve/CVE-2019-11287"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1157665 for CVE-2019-11287",
          "url": "https://bugzilla.suse.com/1157665"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
            "HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
            "HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
            "HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
            "HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
            "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
            "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
            "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
            "SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
            "SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
            "SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
            "SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
            "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
            "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
            "HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
            "HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
            "HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
            "HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
            "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
            "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
            "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
            "SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
            "SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
            "SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
            "SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
            "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
            "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-09-22T14:15:54Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-11287"
    },
    {
      "cve": "CVE-2020-1734",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-1734"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
          "HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
          "HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
          "HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
          "HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
          "HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
          "HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
          "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
          "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
          "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
          "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
          "SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
          "SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
          "SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
          "SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
          "SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
          "SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
          "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
          "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
          "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-1734",
          "url": "https://www.suse.com/security/cve/CVE-2020-1734"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1164139 for CVE-2020-1734",
          "url": "https://bugzilla.suse.com/1164139"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
            "HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
            "HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
            "HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
            "HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
            "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
            "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
            "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
            "SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
            "SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
            "SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
            "SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
            "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
            "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
            "HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
            "HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
            "HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
            "HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
            "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
            "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
            "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
            "SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
            "SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
            "SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
            "SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
            "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
            "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-09-22T14:15:54Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-1734"
    },
    {
      "cve": "CVE-2021-39226",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-39226"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot \"public_mode\" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot \"public_mode\" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
          "HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
          "HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
          "HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
          "HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
          "HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
          "HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
          "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
          "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
          "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
          "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
          "SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
          "SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
          "SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
          "SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
          "SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
          "SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
          "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
          "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
          "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-39226",
          "url": "https://www.suse.com/security/cve/CVE-2021-39226"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1191454 for CVE-2021-39226",
          "url": "https://bugzilla.suse.com/1191454"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
            "HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
            "HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
            "HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
            "HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
            "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
            "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
            "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
            "SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
            "SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
            "SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
            "SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
            "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
            "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
            "HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
            "HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
            "HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
            "HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
            "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
            "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
            "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
            "SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
            "SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
            "SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
            "SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
            "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
            "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-09-22T14:15:54Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-39226"
    },
    {
      "cve": "CVE-2021-44716",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-44716"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
          "HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
          "HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
          "HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
          "HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
          "HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
          "HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
          "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
          "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
          "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
          "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
          "SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
          "SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
          "SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
          "SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
          "SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
          "SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
          "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
          "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
          "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-44716",
          "url": "https://www.suse.com/security/cve/CVE-2021-44716"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1193597 for CVE-2021-44716",
          "url": "https://bugzilla.suse.com/1193597"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
            "HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
            "HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
            "HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
            "HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
            "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
            "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
            "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
            "SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
            "SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
            "SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
            "SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
            "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
            "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
            "HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
            "HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
            "HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
            "HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
            "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
            "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
            "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
            "SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
            "SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
            "SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
            "SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
            "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
            "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-09-22T14:15:54Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-44716"
    },
    {
      "cve": "CVE-2022-24790",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-24790"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
          "HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
          "HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
          "HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
          "HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
          "HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
          "HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
          "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
          "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
          "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
          "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
          "SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
          "SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
          "SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
          "SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
          "SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
          "SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
          "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
          "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
          "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-24790",
          "url": "https://www.suse.com/security/cve/CVE-2022-24790"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1197818 for CVE-2022-24790",
          "url": "https://bugzilla.suse.com/1197818"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
            "HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
            "HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
            "HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
            "HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
            "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
            "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
            "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
            "SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
            "SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
            "SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
            "SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
            "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
            "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
            "HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
            "HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
            "HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
            "HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
            "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
            "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
            "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
            "SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
            "SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
            "SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
            "SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
            "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
            "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-09-22T14:15:54Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-24790"
    },
    {
      "cve": "CVE-2022-28346",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-28346"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
          "HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
          "HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
          "HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
          "HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
          "HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
          "HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
          "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
          "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
          "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
          "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
          "SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
          "SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
          "SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
          "SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
          "SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
          "SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
          "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
          "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
          "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-28346",
          "url": "https://www.suse.com/security/cve/CVE-2022-28346"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1198398 for CVE-2022-28346",
          "url": "https://bugzilla.suse.com/1198398"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
            "HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
            "HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
            "HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
            "HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
            "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
            "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
            "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
            "SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
            "SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
            "SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
            "SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
            "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
            "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
            "HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
            "HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
            "HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
            "HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
            "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
            "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
            "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
            "SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
            "SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
            "SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
            "SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
            "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
            "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-09-22T14:15:54Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-28346"
    },
    {
      "cve": "CVE-2022-34265",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-34265"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
          "HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
          "HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
          "HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
          "HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
          "HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
          "HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
          "HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
          "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
          "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
          "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
          "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
          "SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
          "SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
          "SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
          "SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
          "SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
          "SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
          "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
          "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
          "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
          "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-34265",
          "url": "https://www.suse.com/security/cve/CVE-2022-34265"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201186 for CVE-2022-34265",
          "url": "https://bugzilla.suse.com/1201186"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
            "HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
            "HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
            "HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
            "HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
            "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
            "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
            "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
            "SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
            "SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
            "SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
            "SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
            "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
            "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
            "HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
            "HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
            "HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
            "HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
            "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
            "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
            "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
            "SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
            "SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
            "SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
            "SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
            "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
            "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
            "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-09-22T14:15:54Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-34265"
    }
  ]
}

WID-SEC-W-2022-0967

Vulnerability from csaf_certbund - Published: 2021-12-16 23:00 - Updated: 2024-05-30 22:00

Summary

Red Hat Enterprise Linux (go-toolset): Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution. Oracle Linux ist ein Open Source Betriebssystem, welches unter der GNU General Public License (GPL) verfügbar ist.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux und Oracle Linux ausnutzen, um einen Denial of Service Angriff durchzuführen und vertrauliche Informationen offenzulegen.

Betroffene Betriebssysteme: - Linux - UNIX

CVE-2021-44716

Es existiert eine Schwachstelle in Red Hat Enterprise Linux und Oracle Linux im "go-toolset". Der Fehler besteht aufgrund eines unkontrollierten Ressourcenverbrauchs. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herzustellen.

Affected products

Known affected 6 products

Product	Identifier	Version
Red Hat OpenShift Red Hat	`cpe:/a:redhat:openshift:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Linux 8 Oracle / Linux	`cpe:/o:oracle:linux:8:-`	8
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—

CVE-2021-44717

Es existiert eine Schwachstelle in Red Hat Enterprise Linux und Oracle Linux im "go-toolset". Ein entfernter anonymer Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen.

Affected products

Known affected 6 products

Product	Identifier	Version
Red Hat OpenShift Red Hat	`cpe:/a:redhat:openshift:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Linux 8 Oracle / Linux	`cpe:/o:oracle:linux:8:-`	8
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—

References

33 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://access.redhat.com/errata/RHSA-2021:5176	external
https://linux.oracle.com/errata/ELSA-2021-5160.html	external
https://discuss.hashicorp.com/t/hcsec-2021-34-vau…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2022:0002	external
https://access.redhat.com/errata/RHSA-2022:0001	external
http://linux.oracle.com/errata/ELSA-2022-0001.html	external
https://access.redhat.com/errata/RHSA-2022:0163	external
https://access.redhat.com/errata/RHSA-2022:0237	external
https://access.redhat.com/errata/RHSA-2022:0260	external
https://alas.aws.amazon.com/AL2022/ALAS-2022-009.html	external
https://access.redhat.com/errata/RHSA-2022:0585	external
https://access.redhat.com/errata/RHSA-2022:0587	external
https://access.redhat.com/errata/RHSA-2022:0055	external
https://access.redhat.com/errata/RHSA-2022:0056	external
https://access.redhat.com/errata/RHSA-2022:0855	external
https://access.redhat.com/errata/RHSA-2022:0842	external
https://access.redhat.com/errata/RHSA-2022:0947	external
https://access.redhat.com/errata/RHSA-2022:0927	external
https://access.redhat.com/errata/RHSA-2022:1056	external
https://access.redhat.com/errata/RHSA-2022:1051	external
https://access.redhat.com/errata/RHSA-2022:1361	external
https://access.redhat.com/errata/RHSA-2022:1372	external
https://access.redhat.com/errata/RHSA-2022:1628	external
https://alas.aws.amazon.com/AL2/ALAS-2022-1776.html	external
https://access.redhat.com/errata/RHSA-2022:1734	external
https://security.gentoo.org/glsa/202208-02	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2023:0407	external
https://access.redhat.com/errata/RHSA-2024:3467	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.\r\nOracle Linux ist ein Open Source Betriebssystem, welches unter der GNU General Public License (GPL) verf\u00fcgbar ist.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux und Oracle Linux ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren und vertrauliche Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-0967 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-0967.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-0967 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0967"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory vom 2021-12-16",
        "url": "https://access.redhat.com/errata/RHSA-2021:5176"
      },
      {
        "category": "external",
        "summary": "Oracle Security Advisory vom 2021-12-16",
        "url": "https://linux.oracle.com/errata/ELSA-2021-5160.html"
      },
      {
        "category": "external",
        "summary": "Hashicorp Security Bulletin HCSEC-2021-34 vom 2021-12-23",
        "url": "https://discuss.hashicorp.com/t/hcsec-2021-34-vault-consul-boundary-and-waypoint-affected-by-denial-of-service-in-golang-s-net-http-cve-2021-44716/33527"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:4186-1 vom 2021-12-23",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-December/009942.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:4169-1 vom 2021-12-23",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-December/009938.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:0002 vom 2022-01-03",
        "url": "https://access.redhat.com/errata/RHSA-2022:0002"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:0001 vom 2022-01-03",
        "url": "https://access.redhat.com/errata/RHSA-2022:0001"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-0001 vom 2022-01-04",
        "url": "http://linux.oracle.com/errata/ELSA-2022-0001.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:0163 vom 2022-01-18",
        "url": "https://access.redhat.com/errata/RHSA-2022:0163"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:0237 vom 2022-01-24",
        "url": "https://access.redhat.com/errata/RHSA-2022:0237"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:0260 vom 2022-01-25",
        "url": "https://access.redhat.com/errata/RHSA-2022:0260"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2022-009 vom 2022-01-27",
        "url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-009.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:0585 vom 2022-02-21",
        "url": "https://access.redhat.com/errata/RHSA-2022:0585"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:0587 vom 2022-02-21",
        "url": "https://access.redhat.com/errata/RHSA-2022:0587"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:0055 vom 2022-03-10",
        "url": "https://access.redhat.com/errata/RHSA-2022:0055"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:0056 vom 2022-03-10",
        "url": "https://access.redhat.com/errata/RHSA-2022:0056"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:0855 vom 2022-03-15",
        "url": "https://access.redhat.com/errata/RHSA-2022:0855"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:0842 vom 2022-03-14",
        "url": "https://access.redhat.com/errata/RHSA-2022:0842"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:0947 vom 2022-03-16",
        "url": "https://access.redhat.com/errata/RHSA-2022:0947"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:0927 vom 2022-03-21",
        "url": "https://access.redhat.com/errata/RHSA-2022:0927"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:1056 vom 2022-03-24",
        "url": "https://access.redhat.com/errata/RHSA-2022:1056"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:1051 vom 2022-03-24",
        "url": "https://access.redhat.com/errata/RHSA-2022:1051"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:1361 vom 2022-04-13",
        "url": "https://access.redhat.com/errata/RHSA-2022:1361"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:1372 vom 2022-04-14",
        "url": "https://access.redhat.com/errata/RHSA-2022:1372"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:1628 vom 2022-04-27",
        "url": "https://access.redhat.com/errata/RHSA-2022:1628"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2022-1776 vom 2022-04-27",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1776.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:1734 vom 2022-05-05",
        "url": "https://access.redhat.com/errata/RHSA-2022:1734"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202208-02 vom 2022-08-09",
        "url": "https://security.gentoo.org/glsa/202208-02"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:3338-1 vom 2022-09-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012332.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:0407 vom 2023-01-24",
        "url": "https://access.redhat.com/errata/RHSA-2023:0407"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3467 vom 2024-05-29",
        "url": "https://access.redhat.com/errata/RHSA-2024:3467"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat Enterprise Linux (go-toolset): Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-05-30T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:33:02.116+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2022-0967",
      "initial_release_date": "2021-12-16T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2021-12-16T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2021-12-21T23:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: FEDORA-2021-29943703DE, FEDORA-2021-6FDC5EA304"
        },
        {
          "date": "2021-12-22T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Hashicorp aufgenommen"
        },
        {
          "date": "2021-12-23T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-01-02T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-01-04T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2022-01-18T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-01-19T23:00:00.000+00:00",
          "number": "8",
          "summary": "Referenz(en) aufgenommen: FEDORA-2022-C6AE206BE7"
        },
        {
          "date": "2022-01-20T23:00:00.000+00:00",
          "number": "9",
          "summary": "Referenz(en) aufgenommen: FEDORA-2022-6E6B59A682"
        },
        {
          "date": "2022-01-24T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-01-25T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-01-27T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2022-02-21T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-03-10T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-03-14T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-03-16T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-03-21T23:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-03-24T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-04-13T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-04-27T22:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Red Hat und Amazon aufgenommen"
        },
        {
          "date": "2022-05-05T22:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-08-09T22:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Gentoo aufgenommen"
        },
        {
          "date": "2022-09-22T22:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-01-24T23:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-05-30T22:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "25"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Gentoo Linux",
            "product": {
              "name": "Gentoo Linux",
              "product_id": "T012167",
              "product_identification_helper": {
                "cpe": "cpe:/o:gentoo:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Gentoo"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.7.8",
                "product": {
                  "name": "Hashicorp Vault \u003c1.7.8",
                  "product_id": "T021425"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.8.7",
                "product": {
                  "name": "Hashicorp Vault \u003c1.8.7",
                  "product_id": "T021426"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.9.2",
                "product": {
                  "name": "Hashicorp Vault \u003c1.9.2",
                  "product_id": "T021427"
                }
              }
            ],
            "category": "product_name",
            "name": "Vault"
          }
        ],
        "category": "vendor",
        "name": "Hashicorp"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8",
                "product": {
                  "name": "Oracle Linux 8",
                  "product_id": "664006",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:oracle:linux:8:-"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Linux"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Red Hat OpenShift",
            "product": {
              "name": "Red Hat OpenShift",
              "product_id": "T008027",
              "product_identification_helper": {
                "cpe": "cpe:/a:redhat:openshift:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-44716",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Red Hat Enterprise Linux und Oracle Linux im \"go-toolset\". Der Fehler besteht aufgrund eines unkontrollierten Ressourcenverbrauchs. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herzustellen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008027",
          "T002207",
          "67646",
          "664006",
          "398363",
          "T012167"
        ]
      },
      "release_date": "2021-12-16T23:00:00.000+00:00",
      "title": "CVE-2021-44716"
    },
    {
      "cve": "CVE-2021-44717",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Red Hat Enterprise Linux und Oracle Linux im \"go-toolset\". Ein entfernter anonymer Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008027",
          "T002207",
          "67646",
          "664006",
          "398363",
          "T012167"
        ]
      },
      "release_date": "2021-12-16T23:00:00.000+00:00",
      "title": "CVE-2021-44717"
    }
  ]
}

WID-SEC-W-2023-0204

Vulnerability from csaf_certbund - Published: 2023-01-25 23:00 - Updated: 2024-08-28 22:00

Summary

Red Hat OpenShift: Mehrere Schwachstellen

Severity

Mittel

Notes

Produktbeschreibung: Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.

Betroffene Betriebssysteme: - Linux

CVE-2021-38561

In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen "Golang" und "kubeVirt". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.

Affected products

Known affected 10 products

Product	Identifier	Version
Red Hat OpenShift Container Platform <4.11.43 Red Hat / OpenShift		Container Platform <4.11.43
Red Hat OpenShift Container Platform <4.15.29 Red Hat / OpenShift		Container Platform <4.15.29
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Container Platform <4.12.1 Red Hat / OpenShift		Container Platform <4.12.1
Red Hat OpenShift Container Platform <4.11.44 Red Hat / OpenShift		Container Platform <4.11.44
Red Hat OpenShift <4.12.0 Red Hat / OpenShift		<4.12.0
Red Hat OpenShift Container Platform 4.12 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.12`	Container Platform 4.12
Red Hat OpenShift Developer Tools and Services 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:developer_tools_and_services_4.11`	Developer Tools and Services 4.11
Red Hat OpenShift Container Platform 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.11`	Container Platform 4.11
Red Hat OpenShift Container Platform 4.13 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.13`	Container Platform 4.13

CVE-2021-44716

Affected products

Known affected 10 products

Product	Identifier	Version
Red Hat OpenShift Container Platform <4.11.43 Red Hat / OpenShift		Container Platform <4.11.43
Red Hat OpenShift Container Platform <4.15.29 Red Hat / OpenShift		Container Platform <4.15.29
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Container Platform <4.12.1 Red Hat / OpenShift		Container Platform <4.12.1
Red Hat OpenShift Container Platform <4.11.44 Red Hat / OpenShift		Container Platform <4.11.44
Red Hat OpenShift <4.12.0 Red Hat / OpenShift		<4.12.0
Red Hat OpenShift Container Platform 4.12 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.12`	Container Platform 4.12
Red Hat OpenShift Developer Tools and Services 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:developer_tools_and_services_4.11`	Developer Tools and Services 4.11
Red Hat OpenShift Container Platform 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.11`	Container Platform 4.11
Red Hat OpenShift Container Platform 4.13 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.13`	Container Platform 4.13

CVE-2021-44717

Affected products

Known affected 10 products

Product	Identifier	Version
Red Hat OpenShift Container Platform <4.11.43 Red Hat / OpenShift		Container Platform <4.11.43
Red Hat OpenShift Container Platform <4.15.29 Red Hat / OpenShift		Container Platform <4.15.29
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Container Platform <4.12.1 Red Hat / OpenShift		Container Platform <4.12.1
Red Hat OpenShift Container Platform <4.11.44 Red Hat / OpenShift		Container Platform <4.11.44
Red Hat OpenShift <4.12.0 Red Hat / OpenShift		<4.12.0
Red Hat OpenShift Container Platform 4.12 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.12`	Container Platform 4.12
Red Hat OpenShift Developer Tools and Services 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:developer_tools_and_services_4.11`	Developer Tools and Services 4.11
Red Hat OpenShift Container Platform 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.11`	Container Platform 4.11
Red Hat OpenShift Container Platform 4.13 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.13`	Container Platform 4.13

CVE-2022-1705

Affected products

Known affected 10 products

Product	Identifier	Version
Red Hat OpenShift Container Platform <4.11.43 Red Hat / OpenShift		Container Platform <4.11.43
Red Hat OpenShift Container Platform <4.15.29 Red Hat / OpenShift		Container Platform <4.15.29
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Container Platform <4.12.1 Red Hat / OpenShift		Container Platform <4.12.1
Red Hat OpenShift Container Platform <4.11.44 Red Hat / OpenShift		Container Platform <4.11.44
Red Hat OpenShift <4.12.0 Red Hat / OpenShift		<4.12.0
Red Hat OpenShift Container Platform 4.12 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.12`	Container Platform 4.12
Red Hat OpenShift Developer Tools and Services 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:developer_tools_and_services_4.11`	Developer Tools and Services 4.11
Red Hat OpenShift Container Platform 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.11`	Container Platform 4.11
Red Hat OpenShift Container Platform 4.13 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.13`	Container Platform 4.13

CVE-2022-1798

Affected products

Known affected 10 products

Product	Identifier	Version
Red Hat OpenShift Container Platform <4.11.43 Red Hat / OpenShift		Container Platform <4.11.43
Red Hat OpenShift Container Platform <4.15.29 Red Hat / OpenShift		Container Platform <4.15.29
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Container Platform <4.12.1 Red Hat / OpenShift		Container Platform <4.12.1
Red Hat OpenShift Container Platform <4.11.44 Red Hat / OpenShift		Container Platform <4.11.44
Red Hat OpenShift <4.12.0 Red Hat / OpenShift		<4.12.0
Red Hat OpenShift Container Platform 4.12 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.12`	Container Platform 4.12
Red Hat OpenShift Developer Tools and Services 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:developer_tools_and_services_4.11`	Developer Tools and Services 4.11
Red Hat OpenShift Container Platform 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.11`	Container Platform 4.11
Red Hat OpenShift Container Platform 4.13 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.13`	Container Platform 4.13

CVE-2022-1962

Affected products

Known affected 10 products

Product	Identifier	Version
Red Hat OpenShift Container Platform <4.11.43 Red Hat / OpenShift		Container Platform <4.11.43
Red Hat OpenShift Container Platform <4.15.29 Red Hat / OpenShift		Container Platform <4.15.29
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Container Platform <4.12.1 Red Hat / OpenShift		Container Platform <4.12.1
Red Hat OpenShift Container Platform <4.11.44 Red Hat / OpenShift		Container Platform <4.11.44
Red Hat OpenShift <4.12.0 Red Hat / OpenShift		<4.12.0
Red Hat OpenShift Container Platform 4.12 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.12`	Container Platform 4.12
Red Hat OpenShift Developer Tools and Services 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:developer_tools_and_services_4.11`	Developer Tools and Services 4.11
Red Hat OpenShift Container Platform 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.11`	Container Platform 4.11
Red Hat OpenShift Container Platform 4.13 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.13`	Container Platform 4.13

CVE-2022-23772

Affected products

Known affected 10 products

Product	Identifier	Version
Red Hat OpenShift Container Platform <4.11.43 Red Hat / OpenShift		Container Platform <4.11.43
Red Hat OpenShift Container Platform <4.15.29 Red Hat / OpenShift		Container Platform <4.15.29
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Container Platform <4.12.1 Red Hat / OpenShift		Container Platform <4.12.1
Red Hat OpenShift Container Platform <4.11.44 Red Hat / OpenShift		Container Platform <4.11.44
Red Hat OpenShift <4.12.0 Red Hat / OpenShift		<4.12.0
Red Hat OpenShift Container Platform 4.12 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.12`	Container Platform 4.12
Red Hat OpenShift Developer Tools and Services 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:developer_tools_and_services_4.11`	Developer Tools and Services 4.11
Red Hat OpenShift Container Platform 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.11`	Container Platform 4.11
Red Hat OpenShift Container Platform 4.13 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.13`	Container Platform 4.13

CVE-2022-23773

Affected products

Known affected 10 products

Product	Identifier	Version
Red Hat OpenShift Container Platform <4.11.43 Red Hat / OpenShift		Container Platform <4.11.43
Red Hat OpenShift Container Platform <4.15.29 Red Hat / OpenShift		Container Platform <4.15.29
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Container Platform <4.12.1 Red Hat / OpenShift		Container Platform <4.12.1
Red Hat OpenShift Container Platform <4.11.44 Red Hat / OpenShift		Container Platform <4.11.44
Red Hat OpenShift <4.12.0 Red Hat / OpenShift		<4.12.0
Red Hat OpenShift Container Platform 4.12 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.12`	Container Platform 4.12
Red Hat OpenShift Developer Tools and Services 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:developer_tools_and_services_4.11`	Developer Tools and Services 4.11
Red Hat OpenShift Container Platform 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.11`	Container Platform 4.11
Red Hat OpenShift Container Platform 4.13 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.13`	Container Platform 4.13

CVE-2022-23806

Affected products

Known affected 10 products

Product	Identifier	Version
Red Hat OpenShift Container Platform <4.11.43 Red Hat / OpenShift		Container Platform <4.11.43
Red Hat OpenShift Container Platform <4.15.29 Red Hat / OpenShift		Container Platform <4.15.29
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Container Platform <4.12.1 Red Hat / OpenShift		Container Platform <4.12.1
Red Hat OpenShift Container Platform <4.11.44 Red Hat / OpenShift		Container Platform <4.11.44
Red Hat OpenShift <4.12.0 Red Hat / OpenShift		<4.12.0
Red Hat OpenShift Container Platform 4.12 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.12`	Container Platform 4.12
Red Hat OpenShift Developer Tools and Services 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:developer_tools_and_services_4.11`	Developer Tools and Services 4.11
Red Hat OpenShift Container Platform 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.11`	Container Platform 4.11
Red Hat OpenShift Container Platform 4.13 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.13`	Container Platform 4.13

CVE-2022-28131

Affected products

Known affected 10 products

Product	Identifier	Version
Red Hat OpenShift Container Platform <4.11.43 Red Hat / OpenShift		Container Platform <4.11.43
Red Hat OpenShift Container Platform <4.15.29 Red Hat / OpenShift		Container Platform <4.15.29
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Container Platform <4.12.1 Red Hat / OpenShift		Container Platform <4.12.1
Red Hat OpenShift Container Platform <4.11.44 Red Hat / OpenShift		Container Platform <4.11.44
Red Hat OpenShift <4.12.0 Red Hat / OpenShift		<4.12.0
Red Hat OpenShift Container Platform 4.12 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.12`	Container Platform 4.12
Red Hat OpenShift Developer Tools and Services 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:developer_tools_and_services_4.11`	Developer Tools and Services 4.11
Red Hat OpenShift Container Platform 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.11`	Container Platform 4.11
Red Hat OpenShift Container Platform 4.13 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.13`	Container Platform 4.13

CVE-2022-29526

Affected products

Known affected 10 products

Product	Identifier	Version
Red Hat OpenShift Container Platform <4.11.43 Red Hat / OpenShift		Container Platform <4.11.43
Red Hat OpenShift Container Platform <4.15.29 Red Hat / OpenShift		Container Platform <4.15.29
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Container Platform <4.12.1 Red Hat / OpenShift		Container Platform <4.12.1
Red Hat OpenShift Container Platform <4.11.44 Red Hat / OpenShift		Container Platform <4.11.44
Red Hat OpenShift <4.12.0 Red Hat / OpenShift		<4.12.0
Red Hat OpenShift Container Platform 4.12 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.12`	Container Platform 4.12
Red Hat OpenShift Developer Tools and Services 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:developer_tools_and_services_4.11`	Developer Tools and Services 4.11
Red Hat OpenShift Container Platform 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.11`	Container Platform 4.11
Red Hat OpenShift Container Platform 4.13 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.13`	Container Platform 4.13

CVE-2022-30629

Affected products

Known affected 10 products

Product	Identifier	Version
Red Hat OpenShift Container Platform <4.11.43 Red Hat / OpenShift		Container Platform <4.11.43
Red Hat OpenShift Container Platform <4.15.29 Red Hat / OpenShift		Container Platform <4.15.29
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Container Platform <4.12.1 Red Hat / OpenShift		Container Platform <4.12.1
Red Hat OpenShift Container Platform <4.11.44 Red Hat / OpenShift		Container Platform <4.11.44
Red Hat OpenShift <4.12.0 Red Hat / OpenShift		<4.12.0
Red Hat OpenShift Container Platform 4.12 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.12`	Container Platform 4.12
Red Hat OpenShift Developer Tools and Services 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:developer_tools_and_services_4.11`	Developer Tools and Services 4.11
Red Hat OpenShift Container Platform 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.11`	Container Platform 4.11
Red Hat OpenShift Container Platform 4.13 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.13`	Container Platform 4.13

CVE-2022-30630

Affected products

Known affected 10 products

Product	Identifier	Version
Red Hat OpenShift Container Platform <4.11.43 Red Hat / OpenShift		Container Platform <4.11.43
Red Hat OpenShift Container Platform <4.15.29 Red Hat / OpenShift		Container Platform <4.15.29
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Container Platform <4.12.1 Red Hat / OpenShift		Container Platform <4.12.1
Red Hat OpenShift Container Platform <4.11.44 Red Hat / OpenShift		Container Platform <4.11.44
Red Hat OpenShift <4.12.0 Red Hat / OpenShift		<4.12.0
Red Hat OpenShift Container Platform 4.12 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.12`	Container Platform 4.12
Red Hat OpenShift Developer Tools and Services 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:developer_tools_and_services_4.11`	Developer Tools and Services 4.11
Red Hat OpenShift Container Platform 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.11`	Container Platform 4.11
Red Hat OpenShift Container Platform 4.13 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.13`	Container Platform 4.13

CVE-2022-30631

Affected products

Known affected 10 products

Product	Identifier	Version
Red Hat OpenShift Container Platform <4.11.43 Red Hat / OpenShift		Container Platform <4.11.43
Red Hat OpenShift Container Platform <4.15.29 Red Hat / OpenShift		Container Platform <4.15.29
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Container Platform <4.12.1 Red Hat / OpenShift		Container Platform <4.12.1
Red Hat OpenShift Container Platform <4.11.44 Red Hat / OpenShift		Container Platform <4.11.44
Red Hat OpenShift <4.12.0 Red Hat / OpenShift		<4.12.0
Red Hat OpenShift Container Platform 4.12 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.12`	Container Platform 4.12
Red Hat OpenShift Developer Tools and Services 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:developer_tools_and_services_4.11`	Developer Tools and Services 4.11
Red Hat OpenShift Container Platform 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.11`	Container Platform 4.11
Red Hat OpenShift Container Platform 4.13 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.13`	Container Platform 4.13

CVE-2022-30632

Affected products

Known affected 10 products

Product	Identifier	Version
Red Hat OpenShift Container Platform <4.11.43 Red Hat / OpenShift		Container Platform <4.11.43
Red Hat OpenShift Container Platform <4.15.29 Red Hat / OpenShift		Container Platform <4.15.29
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Container Platform <4.12.1 Red Hat / OpenShift		Container Platform <4.12.1
Red Hat OpenShift Container Platform <4.11.44 Red Hat / OpenShift		Container Platform <4.11.44
Red Hat OpenShift <4.12.0 Red Hat / OpenShift		<4.12.0
Red Hat OpenShift Container Platform 4.12 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.12`	Container Platform 4.12
Red Hat OpenShift Developer Tools and Services 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:developer_tools_and_services_4.11`	Developer Tools and Services 4.11
Red Hat OpenShift Container Platform 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.11`	Container Platform 4.11
Red Hat OpenShift Container Platform 4.13 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.13`	Container Platform 4.13

CVE-2022-30633

Affected products

Known affected 10 products

Product	Identifier	Version
Red Hat OpenShift Container Platform <4.11.43 Red Hat / OpenShift		Container Platform <4.11.43
Red Hat OpenShift Container Platform <4.15.29 Red Hat / OpenShift		Container Platform <4.15.29
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Container Platform <4.12.1 Red Hat / OpenShift		Container Platform <4.12.1
Red Hat OpenShift Container Platform <4.11.44 Red Hat / OpenShift		Container Platform <4.11.44
Red Hat OpenShift <4.12.0 Red Hat / OpenShift		<4.12.0
Red Hat OpenShift Container Platform 4.12 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.12`	Container Platform 4.12
Red Hat OpenShift Developer Tools and Services 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:developer_tools_and_services_4.11`	Developer Tools and Services 4.11
Red Hat OpenShift Container Platform 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.11`	Container Platform 4.11
Red Hat OpenShift Container Platform 4.13 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.13`	Container Platform 4.13

CVE-2022-30635

Affected products

Known affected 10 products

Product	Identifier	Version
Red Hat OpenShift Container Platform <4.11.43 Red Hat / OpenShift		Container Platform <4.11.43
Red Hat OpenShift Container Platform <4.15.29 Red Hat / OpenShift		Container Platform <4.15.29
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Container Platform <4.12.1 Red Hat / OpenShift		Container Platform <4.12.1
Red Hat OpenShift Container Platform <4.11.44 Red Hat / OpenShift		Container Platform <4.11.44
Red Hat OpenShift <4.12.0 Red Hat / OpenShift		<4.12.0
Red Hat OpenShift Container Platform 4.12 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.12`	Container Platform 4.12
Red Hat OpenShift Developer Tools and Services 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:developer_tools_and_services_4.11`	Developer Tools and Services 4.11
Red Hat OpenShift Container Platform 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.11`	Container Platform 4.11
Red Hat OpenShift Container Platform 4.13 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.13`	Container Platform 4.13

CVE-2022-32148

Affected products

Known affected 10 products

Product	Identifier	Version
Red Hat OpenShift Container Platform <4.11.43 Red Hat / OpenShift		Container Platform <4.11.43
Red Hat OpenShift Container Platform <4.15.29 Red Hat / OpenShift		Container Platform <4.15.29
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Container Platform <4.12.1 Red Hat / OpenShift		Container Platform <4.12.1
Red Hat OpenShift Container Platform <4.11.44 Red Hat / OpenShift		Container Platform <4.11.44
Red Hat OpenShift <4.12.0 Red Hat / OpenShift		<4.12.0
Red Hat OpenShift Container Platform 4.12 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.12`	Container Platform 4.12
Red Hat OpenShift Developer Tools and Services 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:developer_tools_and_services_4.11`	Developer Tools and Services 4.11
Red Hat OpenShift Container Platform 4.11 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.11`	Container Platform 4.11
Red Hat OpenShift Container Platform 4.13 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.13`	Container Platform 4.13

References

25 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://access.redhat.com/errata/RHSA-2023:0408	external
https://access.redhat.com/errata/RHSA-2023:0566	external
https://access.redhat.com/errata/RHSA-2023:0652	external
https://access.redhat.com/errata/RHSA-2023:0769	external
https://access.redhat.com/errata/RHSA-2023:0774	external
https://access.redhat.com/errata/RHSA-2023:0890	external
https://access.redhat.com/errata/RHSA-2023:0895	external
https://access.redhat.com/errata/RHSA-2023:1042	external
https://access.redhat.com/errata/RHSA-2023:1529	external
https://access.redhat.com/errata/RHSA-2023:2367	external
https://access.redhat.com/errata/RHSA-2023:2357	external
https://access.redhat.com/errata/RHSA-2023:2283	external
https://access.redhat.com/errata/RHSA-2023:2282	external
https://access.redhat.com/errata/RHSA-2023:2253	external
https://access.redhat.com/errata/RHSA-2023:1328	external
https://access.redhat.com/errata/RHSA-2023:1326	external
https://access.redhat.com/errata/RHSA-2023:3542	external
https://access.redhat.com/errata/RHSA-2023:3642	external
https://access.redhat.com/errata/RHSA-2023:3664	external
https://access.redhat.com/errata/RHSA-2023:3914	external
https://access.redhat.com/errata/RHSA-2023:3915	external
https://access.redhat.com/errata/RHSA-2023:4488	external
https://access.redhat.com/errata/RHSA-2024:5754	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0204 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0204.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0204 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0204"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:0408 vom 2023-01-25",
        "url": "https://access.redhat.com/errata/RHSA-2023:0408"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:0566 vom 2023-02-07",
        "url": "https://access.redhat.com/errata/RHSA-2023:0566"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:0652 vom 2023-02-15",
        "url": "https://access.redhat.com/errata/RHSA-2023:0652"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:0769 vom 2023-02-21",
        "url": "https://access.redhat.com/errata/RHSA-2023:0769"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:0774 vom 2023-02-22",
        "url": "https://access.redhat.com/errata/RHSA-2023:0774"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:0890 vom 2023-02-28",
        "url": "https://access.redhat.com/errata/RHSA-2023:0890"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:0895 vom 2023-02-28",
        "url": "https://access.redhat.com/errata/RHSA-2023:0895"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:1042 vom 2023-03-07",
        "url": "https://access.redhat.com/errata/RHSA-2023:1042"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:1529 vom 2023-03-30",
        "url": "https://access.redhat.com/errata/RHSA-2023:1529"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:2367 vom 2023-05-09",
        "url": "https://access.redhat.com/errata/RHSA-2023:2367"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:2357 vom 2023-05-09",
        "url": "https://access.redhat.com/errata/RHSA-2023:2357"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:2283 vom 2023-05-09",
        "url": "https://access.redhat.com/errata/RHSA-2023:2283"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:2282 vom 2023-05-09",
        "url": "https://access.redhat.com/errata/RHSA-2023:2282"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:2253 vom 2023-05-09",
        "url": "https://access.redhat.com/errata/RHSA-2023:2253"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:1328 vom 2023-05-18",
        "url": "https://access.redhat.com/errata/RHSA-2023:1328"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:1326 vom 2023-05-18",
        "url": "https://access.redhat.com/errata/RHSA-2023:1326"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:3542 vom 2023-06-14",
        "url": "https://access.redhat.com/errata/RHSA-2023:3542"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:3642 vom 2023-06-15",
        "url": "https://access.redhat.com/errata/RHSA-2023:3642"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:3664 vom 2023-06-19",
        "url": "https://access.redhat.com/errata/RHSA-2023:3664"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:3914 vom 2023-07-06",
        "url": "https://access.redhat.com/errata/RHSA-2023:3914"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:3915 vom 2023-07-06",
        "url": "https://access.redhat.com/errata/RHSA-2023:3915"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4488 vom 2023-08-07",
        "url": "https://access.redhat.com/errata/RHSA-2023:4488"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:5754 vom 2024-08-29",
        "url": "https://access.redhat.com/errata/RHSA-2024:5754"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat OpenShift: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-08-28T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-29T08:11:19.180+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.6"
        }
      },
      "id": "WID-SEC-W-2023-0204",
      "initial_release_date": "2023-01-25T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-01-25T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-02-06T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-02-14T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-02-20T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-02-21T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-02-28T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-03-06T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-03-29T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-05-09T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-05-18T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-06-14T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-06-15T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-06-19T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-07-05T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-08-06T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-08-28T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "16"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.12.1",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.12.1",
                  "product_id": "T025202"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.12.1",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.12.1",
                  "product_id": "T025202-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.11",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.11",
                  "product_id": "T025990",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform_4.11"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c4.12.0",
                "product": {
                  "name": "Red Hat OpenShift \u003c4.12.0",
                  "product_id": "T026026"
                }
              },
              {
                "category": "product_version",
                "name": "4.12.0",
                "product": {
                  "name": "Red Hat OpenShift 4.12.0",
                  "product_id": "T026026-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:4.12.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.12",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.12",
                  "product_id": "T026435",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform_4.12"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.13",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.13",
                  "product_id": "T027760",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform_4.13"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.11.43",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.11.43",
                  "product_id": "T028132"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.11.43",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.11.43",
                  "product_id": "T028132-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.11.43"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Developer Tools and Services 4.11",
                "product": {
                  "name": "Red Hat OpenShift Developer Tools and Services 4.11",
                  "product_id": "T028205",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:developer_tools_and_services_4.11"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.11.44",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.11.44",
                  "product_id": "T028416"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.11.44",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.11.44",
                  "product_id": "T028416-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.11.44"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.15.29",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.15.29",
                  "product_id": "T037140"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.15.29",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.15.29",
                  "product_id": "T037140-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.15.29"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenShift"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-38561",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028132",
          "T037140",
          "67646",
          "T025202",
          "T028416",
          "T026026",
          "T026435",
          "T028205",
          "T025990",
          "T027760"
        ]
      },
      "release_date": "2023-01-25T23:00:00.000+00:00",
      "title": "CVE-2021-38561"
    },
    {
      "cve": "CVE-2021-44716",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028132",
          "T037140",
          "67646",
          "T025202",
          "T028416",
          "T026026",
          "T026435",
          "T028205",
          "T025990",
          "T027760"
        ]
      },
      "release_date": "2023-01-25T23:00:00.000+00:00",
      "title": "CVE-2021-44716"
    },
    {
      "cve": "CVE-2021-44717",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028132",
          "T037140",
          "67646",
          "T025202",
          "T028416",
          "T026026",
          "T026435",
          "T028205",
          "T025990",
          "T027760"
        ]
      },
      "release_date": "2023-01-25T23:00:00.000+00:00",
      "title": "CVE-2021-44717"
    },
    {
      "cve": "CVE-2022-1705",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028132",
          "T037140",
          "67646",
          "T025202",
          "T028416",
          "T026026",
          "T026435",
          "T028205",
          "T025990",
          "T027760"
        ]
      },
      "release_date": "2023-01-25T23:00:00.000+00:00",
      "title": "CVE-2022-1705"
    },
    {
      "cve": "CVE-2022-1798",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028132",
          "T037140",
          "67646",
          "T025202",
          "T028416",
          "T026026",
          "T026435",
          "T028205",
          "T025990",
          "T027760"
        ]
      },
      "release_date": "2023-01-25T23:00:00.000+00:00",
      "title": "CVE-2022-1798"
    },
    {
      "cve": "CVE-2022-1962",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028132",
          "T037140",
          "67646",
          "T025202",
          "T028416",
          "T026026",
          "T026435",
          "T028205",
          "T025990",
          "T027760"
        ]
      },
      "release_date": "2023-01-25T23:00:00.000+00:00",
      "title": "CVE-2022-1962"
    },
    {
      "cve": "CVE-2022-23772",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028132",
          "T037140",
          "67646",
          "T025202",
          "T028416",
          "T026026",
          "T026435",
          "T028205",
          "T025990",
          "T027760"
        ]
      },
      "release_date": "2023-01-25T23:00:00.000+00:00",
      "title": "CVE-2022-23772"
    },
    {
      "cve": "CVE-2022-23773",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028132",
          "T037140",
          "67646",
          "T025202",
          "T028416",
          "T026026",
          "T026435",
          "T028205",
          "T025990",
          "T027760"
        ]
      },
      "release_date": "2023-01-25T23:00:00.000+00:00",
      "title": "CVE-2022-23773"
    },
    {
      "cve": "CVE-2022-23806",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028132",
          "T037140",
          "67646",
          "T025202",
          "T028416",
          "T026026",
          "T026435",
          "T028205",
          "T025990",
          "T027760"
        ]
      },
      "release_date": "2023-01-25T23:00:00.000+00:00",
      "title": "CVE-2022-23806"
    },
    {
      "cve": "CVE-2022-28131",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028132",
          "T037140",
          "67646",
          "T025202",
          "T028416",
          "T026026",
          "T026435",
          "T028205",
          "T025990",
          "T027760"
        ]
      },
      "release_date": "2023-01-25T23:00:00.000+00:00",
      "title": "CVE-2022-28131"
    },
    {
      "cve": "CVE-2022-29526",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028132",
          "T037140",
          "67646",
          "T025202",
          "T028416",
          "T026026",
          "T026435",
          "T028205",
          "T025990",
          "T027760"
        ]
      },
      "release_date": "2023-01-25T23:00:00.000+00:00",
      "title": "CVE-2022-29526"
    },
    {
      "cve": "CVE-2022-30629",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028132",
          "T037140",
          "67646",
          "T025202",
          "T028416",
          "T026026",
          "T026435",
          "T028205",
          "T025990",
          "T027760"
        ]
      },
      "release_date": "2023-01-25T23:00:00.000+00:00",
      "title": "CVE-2022-30629"
    },
    {
      "cve": "CVE-2022-30630",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028132",
          "T037140",
          "67646",
          "T025202",
          "T028416",
          "T026026",
          "T026435",
          "T028205",
          "T025990",
          "T027760"
        ]
      },
      "release_date": "2023-01-25T23:00:00.000+00:00",
      "title": "CVE-2022-30630"
    },
    {
      "cve": "CVE-2022-30631",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028132",
          "T037140",
          "67646",
          "T025202",
          "T028416",
          "T026026",
          "T026435",
          "T028205",
          "T025990",
          "T027760"
        ]
      },
      "release_date": "2023-01-25T23:00:00.000+00:00",
      "title": "CVE-2022-30631"
    },
    {
      "cve": "CVE-2022-30632",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028132",
          "T037140",
          "67646",
          "T025202",
          "T028416",
          "T026026",
          "T026435",
          "T028205",
          "T025990",
          "T027760"
        ]
      },
      "release_date": "2023-01-25T23:00:00.000+00:00",
      "title": "CVE-2022-30632"
    },
    {
      "cve": "CVE-2022-30633",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028132",
          "T037140",
          "67646",
          "T025202",
          "T028416",
          "T026026",
          "T026435",
          "T028205",
          "T025990",
          "T027760"
        ]
      },
      "release_date": "2023-01-25T23:00:00.000+00:00",
      "title": "CVE-2022-30633"
    },
    {
      "cve": "CVE-2022-30635",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028132",
          "T037140",
          "67646",
          "T025202",
          "T028416",
          "T026026",
          "T026435",
          "T028205",
          "T025990",
          "T027760"
        ]
      },
      "release_date": "2023-01-25T23:00:00.000+00:00",
      "title": "CVE-2022-30635"
    },
    {
      "cve": "CVE-2022-32148",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028132",
          "T037140",
          "67646",
          "T025202",
          "T028416",
          "T026026",
          "T026435",
          "T028205",
          "T025990",
          "T027760"
        ]
      },
      "release_date": "2023-01-25T23:00:00.000+00:00",
      "title": "CVE-2022-32148"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-44716 (GCVE-0-2021-44716)

Tags

Sightings

Nomenclature